author | Jan Pechanec <Jan.Pechanec@Sun.COM> | 2009-03-23 06:46:46 -0700 |
---|---|---|
committer | Jan Pechanec <Jan.Pechanec@Sun.COM> | 2009-03-23 06:46:46 -0700 |
commit | 6f8d59d8fcaf391990ca04c7bdcf65ab23320fe0 (patch) | |
tree | 2cbfb2de5aa13e0c26adf856439b624f7e69fc31 | |
parent | ad84d946d04cc1356150710206b0b141a93e935d (diff) | |
download | illumos-joyent-6f8d59d8fcaf391990ca04c7bdcf65ab23320fe0.tar.gz |
PSARC/2009/155 ChrootDirectory option for SunSSH server
5043377 provide chroot capability in SunSSH
6809398 default PATH in SunSSH should contain "/bin"
6810759 remove md5crypt.c from SunSSH since it's not used
6813038 Subsystem keyword in sshd_config doesn't accept subsystem's options
6772676 ssh default XAuthLocation should be /usr/X11/bin/xauth
-rw-r--r-- | usr/src/cmd/ssh/Makefile | 8 | ||||
-rw-r--r-- | usr/src/cmd/ssh/etc/sshd_config | 4 | ||||
-rw-r--r-- | usr/src/cmd/ssh/include/config.h | 11 | ||||
-rw-r--r-- | usr/src/cmd/ssh/include/misc.h | 5 | ||||
-rw-r--r-- | usr/src/cmd/ssh/include/servconf.h | 23 | ||||
-rw-r--r-- | usr/src/cmd/ssh/include/sftp.h | 25 | ||||
-rw-r--r-- | usr/src/cmd/ssh/include/uidswap.h | 23 | ||||
-rw-r--r-- | usr/src/cmd/ssh/libssh/common/misc.c | 66 | ||||
-rw-r--r-- | usr/src/cmd/ssh/libssh/common/uidswap.c | 78 | ||||
-rw-r--r-- | usr/src/cmd/ssh/sftp-server/Makefile | 4 | ||||
-rw-r--r-- | usr/src/cmd/ssh/sftp-server/sftp-server-main.c | 51 | ||||
-rw-r--r-- | usr/src/cmd/ssh/sftp-server/sftp-server.c | 18 | ||||
-rw-r--r-- | usr/src/cmd/ssh/ssh.po | 848 | ||||
-rw-r--r-- | usr/src/cmd/ssh/sshd/Makefile | 7 | ||||
-rw-r--r-- | usr/src/cmd/ssh/sshd/md5crypt.c | 161 | ||||
-rw-r--r-- | usr/src/cmd/ssh/sshd/servconf.c | 54 | ||||
-rw-r--r-- | usr/src/cmd/ssh/sshd/session.c | 264 | ||||
-rw-r--r-- | usr/src/cmd/ssh/sshd/sshd.c | 9 |
18 files changed, 999 insertions, 660 deletions
diff --git a/usr/src/cmd/ssh/Makefile b/usr/src/cmd/ssh/Makefile index 75871373de..efaaf16480 100644 --- a/usr/src/cmd/ssh/Makefile +++ b/usr/src/cmd/ssh/Makefile @@ -20,18 +20,19 @@ # # -# Copyright 2007 Sun Microsystems, Inc. All rights reserved. +# Copyright 2009 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # -# ident "%Z%%M% %I% %E% SMI" -# include ../Makefile.cmd +# libopenbsd-compat and libssh are used by all SSH binaries, and sftp-server is +# also used as an internal part of sshd. SUBDIRS= \ etc \ libopenbsd-compat \ libssh \ + sftp-server \ .WAIT \ ssh \ sshd \ @@ -41,7 +42,6 @@ SUBDIRS= \ ssh-keygen \ ssh-keysign \ ssh-keyscan \ - sftp-server \ sftp \ ssh-http-proxy-connect \ ssh-socks5-proxy-connect diff --git a/usr/src/cmd/ssh/etc/sshd_config b/usr/src/cmd/ssh/etc/sshd_config index b885a58613..7af4dd3dd2 100644 --- a/usr/src/cmd/ssh/etc/sshd_config +++ b/usr/src/cmd/ssh/etc/sshd_config @@ -1,5 +1,5 @@ # -# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Copyright 2009 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # Configuration file for sshd(1m) @@ -126,7 +126,7 @@ PAMAuthenticationViaKBDInt yes PermitRootLogin no # sftp subsystem -Subsystem sftp /usr/lib/ssh/sftp-server +Subsystem sftp internal-sftp # SSH protocol v1 specific options diff --git a/usr/src/cmd/ssh/include/config.h b/usr/src/cmd/ssh/include/config.h index c770bbcc99..963aee5bb2 100644 --- a/usr/src/cmd/ssh/include/config.h +++ b/usr/src/cmd/ssh/include/config.h @@ -289,7 +289,7 @@ extern "C" { #define HAVE_GETPAGESIZE 1 /* Define if xauth is found in your path */ -#define XAUTH_PATH "/usr/openwin/bin/xauth" +#define XAUTH_PATH "/usr/X11/bin/xauth" /* Define if rsh is found in your path */ #define RSH_PATH "/usr/bin/rsh" 
@@ -352,8 +352,13 @@ extern "C" { /* Define if you need to use IP address instead of hostname in $DISPLAY */ /* #undef IPADDR_IN_DISPLAY */ -/* Specify default $PATH */ -#define USER_PATH "/usr/bin" +/* + * Specify the default $PATH. While /bin is a symbolic link to /usr/bin in + * Solaris, to include both of them there may help when users use + * ChrootDirectory options with plain SSH connections, without their own shell + * profiles. + */ +#define USER_PATH "/usr/bin:/bin" /* Specify location of ssh.pid */ #define _PATH_SSH_PIDDIR "/var/run" diff --git a/usr/src/cmd/ssh/include/misc.h b/usr/src/cmd/ssh/include/misc.h index 16f2210291..c626301f84 100644 --- a/usr/src/cmd/ssh/include/misc.h +++ b/usr/src/cmd/ssh/include/misc.h @@ -10,7 +10,7 @@ * called by a name other than "ssh" or "Secure Shell". */ /* - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -19,8 +19,6 @@ /* $OpenBSD: misc.h,v 1.12 2002/03/19 10:49:35 markus Exp $ */ -#pragma ident "%Z%%M% %I% %E% SMI" - #ifdef __cplusplus extern "C" { #endif @@ -35,6 +33,7 @@ char *cleanhostname(char *); char *hpdelim(char **); char *colon(char *); long convtime(const char *); +char *percent_expand(const char *, ...); char *tohex(const void *, size_t); void sanitise_stdfd(void); int get_yes_no_flag(int *option, const char *arg, const char *filename, diff --git a/usr/src/cmd/ssh/include/servconf.h b/usr/src/cmd/ssh/include/servconf.h index 2199a1b172..f222b8596d 100644 --- a/usr/src/cmd/ssh/include/servconf.h +++ b/usr/src/cmd/ssh/include/servconf.h @@ -11,7 +11,7 @@ * called by a name other than "ssh" or "Secure Shell". */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ 
@@ -40,9 +40,12 @@ extern "C" { #define PERMIT_NO_PASSWD 2 #define PERMIT_YES 3 +/* Magic name for internal sftp-server */ +#define INTERNAL_SFTP_NAME "internal-sftp" + typedef struct { - u_int num_ports; - u_int ports_from_cmdline; + u_int num_ports; + u_int ports_from_cmdline; u_short ports[MAX_PORTS]; /* Port number to listen on. */ char *listen_addr; /* Address on which the server listens. */ struct addrinfo *listen_addrs; /* Addresses on which the server listens. */ @@ -116,18 +119,20 @@ typedef struct { int use_login; /* If true, login(1) is used */ int compression; /* If true, compression is allowed */ int allow_tcp_forwarding; - u_int num_allow_users; + + u_int num_allow_users; char *allow_users[MAX_ALLOW_USERS]; - u_int num_deny_users; + u_int num_deny_users; char *deny_users[MAX_DENY_USERS]; - u_int num_allow_groups; + u_int num_allow_groups; char *allow_groups[MAX_ALLOW_GROUPS]; - u_int num_deny_groups; + u_int num_deny_groups; char *deny_groups[MAX_DENY_GROUPS]; - u_int num_subsystems; + u_int num_subsystems; char *subsystem_name[MAX_SUBSYSTEMS]; char *subsystem_command[MAX_SUBSYSTEMS]; + char *subsystem_args[MAX_SUBSYSTEMS]; int max_startups_begin; int max_startups_rate; @@ -157,6 +162,7 @@ typedef struct { int lookup_client_hostnames; int use_openssl_engine; + char *chroot_directory; } ServerOptions; @@ -164,6 +170,7 @@ void initialize_server_options(ServerOptions *); void read_server_config(ServerOptions *, const char *); void fill_default_server_options(ServerOptions *); int process_server_config_line(ServerOptions *, char *, const char *, int); +int chroot_requested(char *chroot_directory); #ifdef __cplusplus } diff --git a/usr/src/cmd/ssh/include/sftp.h b/usr/src/cmd/ssh/include/sftp.h index e82483807f..e35cbdedf1 100644 --- a/usr/src/cmd/ssh/include/sftp.h +++ b/usr/src/cmd/ssh/include/sftp.h 
@@ -1,15 +1,3 @@ -/* $OpenBSD: sftp.h,v 1.4 2002/02/13 00:59:23 djm Exp $ */ - -#ifndef _SFTP_H -#define _SFTP_H - -#pragma ident "%Z%%M% %I% %E% SMI" - -#ifdef __cplusplus -extern "C" { -#endif - - /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -34,10 +22,19 @@ extern "C" { * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* $OpenBSD: sftp.h,v 1.4 2002/02/13 00:59:23 djm Exp $ */ + /* * draft-ietf-secsh-filexfer-01.txt */ +#ifndef _SFTP_H +#define _SFTP_H + +#ifdef __cplusplus +extern "C" { +#endif + /* version */ #define SSH2_FILEXFER_VERSION 3 @@ -101,6 +98,10 @@ extern "C" { #define SSH2_FX_OP_UNSUPPORTED 8 #define SSH2_FX_MAX 8 +struct passwd; + +int sftp_server_main(int, char **, struct passwd *); + #ifdef __cplusplus } #endif diff --git a/usr/src/cmd/ssh/include/uidswap.h b/usr/src/cmd/ssh/include/uidswap.h index 5c01d6107f..5444f02d32 100644 --- a/usr/src/cmd/ssh/include/uidswap.h +++ b/usr/src/cmd/ssh/include/uidswap.h @@ -1,15 +1,3 @@ -/* $OpenBSD: uidswap.h,v 1.9 2001/06/26 17:27:25 markus Exp $ */ - -#ifndef _UIDSWAP_H -#define _UIDSWAP_H - -#pragma ident "%Z%%M% %I% %E% SMI" - -#ifdef __cplusplus -extern "C" { -#endif - - /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -22,9 +10,18 @@ extern "C" { * called by a name other than "ssh" or "Secure Shell". */ +/* $OpenBSD: uidswap.h,v 1.9 2001/06/26 17:27:25 markus Exp $ */ + +#ifndef _UIDSWAP_H +#define _UIDSWAP_H + +#ifdef __cplusplus +extern "C" { +#endif + void temporarily_use_uid(struct passwd *); void restore_uid(void); -void permanently_set_uid(struct passwd *); +void permanently_set_uid(struct passwd *, char *); #ifdef __cplusplus } diff --git a/usr/src/cmd/ssh/libssh/common/misc.c b/usr/src/cmd/ssh/libssh/common/misc.c index dcd7902021..e73d3f364b 100644 --- a/usr/src/cmd/ssh/libssh/common/misc.c +++ b/usr/src/cmd/ssh/libssh/common/misc.c 
@@ -22,15 +22,13 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #include "includes.h" RCSID("$OpenBSD: misc.c,v 1.19 2002/03/04 17:27:39 stevesk Exp $"); -#pragma ident "%Z%%M% %I% %E% SMI" - #include "misc.h" #include "log.h" #include "xmalloc.h" 
@@ -439,6 +437,68 @@ freeargs(arglist *args) } /* + * Expand a string with a set of %[char] escapes. A number of escapes may be + * specified as (char *escape_chars, char *replacement) pairs. The list must + * be terminated by a NULL escape_char. Returns replaced string in memory + * allocated by xmalloc. + */ +char * +percent_expand(const char *string, ...) +{ +#define EXPAND_MAX_KEYS 16 + struct { + const char *key; + const char *repl; + } keys[EXPAND_MAX_KEYS]; + u_int num_keys, i, j; + char buf[4096]; + va_list ap; + + /* Gather keys */ + va_start(ap, string); + for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) { + keys[num_keys].key = va_arg(ap, char *); + if (keys[num_keys].key == NULL) + break; + keys[num_keys].repl = va_arg(ap, char *); + if (keys[num_keys].repl == NULL) + fatal("percent_expand: NULL replacement"); + } + va_end(ap); + + if (num_keys >= EXPAND_MAX_KEYS) + fatal("percent_expand: too many keys"); + + /* Expand string */ + *buf = '\0'; + for (i = 0; *string != '\0'; string++) { + if (*string != '%') { + append: + buf[i++] = *string; + if (i >= sizeof(buf)) + fatal("percent_expand: string too long"); + buf[i] = '\0'; + continue; + } + string++; + if (*string == '%') + goto append; + for (j = 0; j < num_keys; j++) { + if (strchr(keys[j].key, *string) != NULL) { + i = strlcat(buf, keys[j].repl, sizeof(buf)); + if (i >= sizeof(buf)) + fatal("percent_expand: string too long"); + break; + } + } + if (j >= num_keys) + fatal("percent_expand: unknown key %%%c", *string); + } + return (xstrdup(buf)); +#undef EXPAND_MAX_KEYS +} + +/* * Ensure that file descriptors 0, 1 and 2 are open or directed to /dev/null, * do not touch those that are already open. */ diff --git a/usr/src/cmd/ssh/libssh/common/uidswap.c b/usr/src/cmd/ssh/libssh/common/uidswap.c index 31acab9341..f5892ee2ac 100644 --- a/usr/src/cmd/ssh/libssh/common/uidswap.c +++ b/usr/src/cmd/ssh/libssh/common/uidswap.c 
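Review bot: A format string that ends in a lone `%` is not rejected in percent_expand. After the inner `string++` the current character is the terminating NUL, and `strchr(keys[j].key, *string)` returns non-NULL when asked for `'\0'`, so with at least one key supplied the first replacement is appended and the loop's own `string++` then steps past the end of the string. Add `if (*string == '\0') fatal("percent_expand: invalid format");` right after the `%%` check and before the key lookup. The input is presumably sshd_config text such as ChrootDirectory, so this is a malformed-configuration case rather than remote input, but the out-of-bounds read is still undefined behaviour. The header comment could also say that the expanded result is limited by the 4096-byte `buf` and that exceeding it is fatal.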
@@ -11,17 +11,18 @@ * called by a name other than "ssh" or "Secure Shell". */ /* - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #include "includes.h" RCSID("$OpenBSD: uidswap.c,v 1.23 2002/07/15 17:15:31 stevesk Exp $"); -#pragma ident "%Z%%M% %I% %E% SMI" +#include <priv.h> #include "log.h" #include "uidswap.h" +#include "servconf.h" /* * Note: all these functions must work in all of the following cases: 
@@ -164,21 +165,82 @@ restore_uid(void) } /* - * Permanently sets all uids to the given uid. This cannot be - * called while temporarily_use_uid is effective. + * Permanently sets all uids to the given uid. This cannot be called while + * temporarily_use_uid is effective. Note that when the ChrootDirectory option + * is in use we keep a few privileges so that we can call chroot(2) later while + * already running under UIDs of a connecting user. */ void -permanently_set_uid(struct passwd *pw) +permanently_set_uid(struct passwd *pw, char *chroot_directory) { + priv_set_t *pset; + if (temporarily_use_uid_effective) - fatal("permanently_set_uid: temporarily_use_uid effective"); - debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, - (u_int)pw->pw_gid); + fatal("%s: temporarily_use_uid effective", __func__); + + debug("%s: %u/%u", __func__, (u_int)pw->pw_uid, (u_int)pw->pw_gid); + if (initgroups(pw->pw_name, pw->pw_gid) < 0) fatal("initgroups: %s: %.100s", pw->pw_name, strerror(errno)); + if (setgid(pw->pw_gid) < 0) fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); + + /* + * If root is connecting we are done now. Note that we must have called + * setgid() in case that the SSH server was run under a group other than + * root. + */ + if (pw->pw_uid == 0) + return; + + /* + * This means we will keep all privileges after the UID change. + */ + if (setpflags(PRIV_AWARE, 1) != 0) + fatal("setpflags: %s", strerror(errno)); + + /* Now we are running under UID of the user. */ if (setuid(pw->pw_uid) < 0) fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); + + /* + * We will run with the privileges from the Inheritable set as + * we would have after exec(2) if we had stayed in NPA mode + * before setuid(2) call (see privileges(5), user_attr(4), and + * pam_unix_cred(5)). We want to run with P = E = I, with I as + * set by pam_unix_cred(5). 
We also add PRIV_PROC_CHROOT, + * obviously, and then PRIV_PROC_FORK and PRIV_PROC_EXEC, since + * those two might have been removed from the I set. Note that + * we are expected to finish the login process without them in + * the I set, the important thing is that those not be passed on + * to a shell or a subsystem later if they were not set in + * pam_unix_cred(5). + */ + if ((pset = priv_allocset()) == NULL) + fatal("priv_allocset: %s", strerror(errno)); + if (getppriv(PRIV_INHERITABLE, pset) != 0) + fatal("getppriv: %s", strerror(errno)); + + /* We do not need PRIV_PROC_CHROOT unless chroot()ing. */ + if (chroot_requested(chroot_directory) && + priv_addset(pset, PRIV_PROC_CHROOT) == -1) { + fatal("%s: priv_addset failed", __func__); + } + + if (priv_addset(pset, PRIV_PROC_FORK) == -1 || + priv_addset(pset, PRIV_PROC_EXEC) == -1) { + fatal("%s: priv_addset failed", __func__); + } + + /* Set only P; this will also set E. */ + if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) == -1) + fatal("setppriv: %s", strerror(errno)); + + /* We don't need the PA flag anymore. */ + if (setpflags(PRIV_AWARE, 0) == -1) + fatal("setpflags: %s", strerror(errno)); + + priv_freeset(pset); } diff --git a/usr/src/cmd/ssh/sftp-server/Makefile b/usr/src/cmd/ssh/sftp-server/Makefile index 3becbe23a2..c2bdf26c1e 100644 --- a/usr/src/cmd/ssh/sftp-server/Makefile +++ b/usr/src/cmd/ssh/sftp-server/Makefile @@ -18,14 +18,14 @@ # # CDDL HEADER END # -# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Copyright 2009 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # cmd/ssh/sftp-server/Makefile PROG = sftp-server -OBJS = sftp-server.o +OBJS = sftp-server.o sftp-server-main.o SRCS = $(OBJS:.o=.c) include ../../Makefile.cmd diff --git a/usr/src/cmd/ssh/sftp-server/sftp-server-main.c b/usr/src/cmd/ssh/sftp-server/sftp-server-main.c new file mode 100644 index 0000000000..7b604b7cdc --- /dev/null +++ b/usr/src/cmd/ssh/sftp-server/sftp-server-main.c 
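Review bot: permanently_set_uid now returns with PRIV_PROC_FORK and PRIV_PROC_EXEC (plus PRIV_PROC_CHROOT when chroot_requested() is true) in the permitted and effective sets even when they are not in the inheritable set, and nothing in this hunk removes them again. The header comment should state that contract explicitly, for example `Callers must drop PRIV_PROC_CHROOT after chroot(2) and before running any user-controlled code that is not started through exec(2).` The in-process internal-sftp path is presumably such a case; the code that performs the drop is outside this hunk, so confirm it exists on every path. A smaller point: the two `priv_addset failed` messages omit `strerror(errno)`, unlike the neighbouring setpflags/getppriv/setppriv calls, which makes a failure here harder to diagnose.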
@@ -0,0 +1,51 @@ +/* $OpenBSD: sftp-server-main.c,v 1.4 2009/02/21 19:32:04 tobias Exp $ */ +/* + * Copyright (c) 2008 Markus Friedl. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include <sys/types.h> +#include <pwd.h> +#include <stdarg.h> +#include <stdio.h> +#include <unistd.h> + +#include "log.h" +#include "sftp.h" +#include "misc.h" + +/* defined in sftp-server.c */ +extern struct passwd *pw; +extern char *client_addr; + +void cleanup_exit(int i); + +int +main(int argc, char **argv) +{ + struct passwd *user_pw; + + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + + if ((user_pw = getpwuid(getuid())) == NULL) { + fprintf(stderr, "No user found for uid %lu\n", + (ulong_t)getuid()); + return (1); + } + + return (sftp_server_main(argc, argv, user_pw)); +} diff --git a/usr/src/cmd/ssh/sftp-server/sftp-server.c b/usr/src/cmd/ssh/sftp-server/sftp-server.c index c3e8c5061f..030ed79ac2 100644 --- a/usr/src/cmd/ssh/sftp-server/sftp-server.c +++ b/usr/src/cmd/ssh/sftp-server/sftp-server.c 
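Review bot: The `extern struct passwd *pw;` and `extern char *client_addr;` declarations and the `cleanup_exit` prototype are not used anywhere in this new file, whose `main()` only calls sanitise_stdfd(), getpwuid() and sftp_server_main(). Drop them, or explain in the comment why they are needed, because `/* defined in sftp-server.c */` currently suggests a dependency the code does not have. `main()` would also benefit from a short comment such as `/* Standalone entry point; the passwd entry is looked up here because sftp_server_main() takes it from its caller. */`.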
@@ -58,7 +58,7 @@ char *__progname; #define get_int() buffer_get_int(&iqueue); #define get_string(lenp) buffer_get_string(&iqueue, lenp); -static void cleanup_exit(int i); +void cleanup_exit(int i); /* Our verbosity */ LogLevel log_level = SYSLOG_LEVEL_ERROR; @@ -1195,8 +1195,11 @@ process(void) buffer_consume(&iqueue, msg_len - consumed); } -/* Cleanup handler that logs active handles upon normal exit */ -static void +/* + * Cleanup handler that logs active handles upon normal exit. Not static since + * sftp-server-main.c file needs that as well. + */ +void cleanup_exit(int i) { if (pw != NULL && client_addr != NULL) { @@ -1216,7 +1219,7 @@ usage(void) } int -main(int argc, char **argv) +sftp_server_main(int argc, char **argv, struct passwd *user_pw) { fd_set *rset, *wset; int in, out, max, ch, skipargs = 0, log_stderr = 0; @@ -1226,9 +1229,6 @@ main(int argc, char **argv) extern char *optarg; - /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ - sanitise_stdfd(); - __progname = get_progname(argv[0]); (void) g11n_setlocale(LC_ALL, ""); @@ -1274,9 +1274,7 @@ main(int argc, char **argv) } else client_addr = xstrdup("UNKNOWN"); - if ((pw = getpwuid(getuid())) == NULL) - fatal("No user found for uid %lu", (u_long)getuid()); - pw = pwcopy(pw); + pw = pwcopy(user_pw); log("session opened for local user %s from [%s]", pw->pw_name, client_addr); diff --git a/usr/src/cmd/ssh/ssh.po b/usr/src/cmd/ssh/ssh.po index 3c4c2bd61d..1d5d3dc2a2 100644 --- a/usr/src/cmd/ssh/ssh.po +++ b/usr/src/cmd/ssh/ssh.po 
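Review bot: Exporting `cleanup_exit` under that generic name is risky once sftp-server.o is also linked into sshd, which the Makefile comment in this commit says is the intent. Any other `cleanup_exit` definition in sshd or libssh would then clash or be silently interposed, so a fatal error in one component could run the other's exit handler. A prefixed name, e.g. `void sftp_server_cleanup_exit(int i)`, keeps the sftp exit path distinct. The same check applies to the other file-scope globals this file exports (`pw`, `client_addr`, `log_level`); their definitions are only partly visible here, so compare them against sshd's own symbols.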
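Review bot: In the last hunk `sftp_server_main` hands `user_pw` straight to `pwcopy()`, whereas the removed code checked the `getpwuid()` result first. The standalone `main()` does check before calling, but any other caller passing NULL would presumably crash inside `pwcopy()` instead of getting a logged fatal error. Add `if (user_pw == NULL) fatal("sftp_server_main: no passwd entry supplied");` before `pw = pwcopy(user_pw);`. The function body starts and ends outside these hunks.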
@@ -414,15 +414,37 @@ msgstr "" # File: ../common/kexgexs.c, line: 80 # File: ../common/kexgexs.c, line: 110 # File: ../common/packet.c, line: 931 +# File: ssh.c, line: 918 +# File: ssh.c, line: 966 +# File: sshconnect1.c, line: 122 +# File: sshconnect1.c, line: 260 +# File: sshconnect1.c, line: 377 +# File: sshconnect1.c, line: 437 +# File: sshconnect1.c, line: 560 +# File: sshconnect2.c, line: 332 +# File: sshconnect2.c, line: 454 +# File: sshconnect2.c, line: 488 +# File: sshconnect2.c, line: 661 +# File: sshconnect2.c, line: 713 +# File: sshconnect2.c, line: 796 +# File: sshconnect2.c, line: 821 +# File: sshconnect2.c, line: 1387 +# File: clientloop.c, line: 1341 +# File: clientloop.c, line: 1351 +# File: clientloop.c, line: 1360 +# File: clientloop.c, line: 1387 +# File: clientloop.c, line: 1427 +# File: clientloop.c, line: 1543 +# File: sshd.c, line: 1807 # File: altprivsep.c, line: 640 # File: altprivsep.c, line: 728 -# File: auth-rsa.c, line: 145 # File: auth1.c, line: 136 # File: auth1.c, line: 167 # File: auth1.c, line: 185 # File: auth1.c, line: 204 # File: auth1.c, line: 236 # File: auth1.c, line: 323 +# File: auth2.c, line: 136 # File: auth2-chall.c, line: 280 # File: auth2-gss.c, line: 87 # File: auth2-gss.c, line: 135 
@@ -432,48 +454,26 @@ msgstr "" # File: auth2-gss.c, line: 358 # File: auth2-kbdint.c, line: 53 # File: auth2-none.c, line: 106 -# File: auth2-pam.c, line: 404 # File: auth2-passwd.c, line: 57 +# File: auth2-pam.c, line: 404 # File: auth2-pubkey.c, line: 127 # File: auth2-pubkey.c, line: 161 -# File: auth2.c, line: 136 -# File: clientloop.c, line: 1341 -# File: clientloop.c, line: 1351 -# File: clientloop.c, line: 1360 -# File: clientloop.c, line: 1387 -# File: clientloop.c, line: 1427 -# File: clientloop.c, line: 1543 +# File: auth-rsa.c, line: 145 # File: serverloop.c, line: 1036 # File: serverloop.c, line: 1052 # File: serverloop.c, line: 1065 # File: serverloop.c, line: 1082 # File: serverloop.c, line: 1106 -# File: session.c, line: 280 -# File: session.c, line: 315 -# File: session.c, line: 367 -# File: session.c, line: 1483 -# File: session.c, line: 1590 -# File: session.c, line: 1604 -# File: session.c, line: 1646 -# File: session.c, line: 1714 -# File: session.c, line: 1724 -# File: session.c, line: 1734 -# File: ssh.c, line: 918 -# File: ssh.c, line: 966 -# File: sshconnect1.c, line: 122 -# File: sshconnect1.c, line: 260 -# File: sshconnect1.c, line: 377 -# File: sshconnect1.c, line: 437 -# File: sshconnect1.c, line: 560 -# File: sshconnect2.c, line: 332 -# File: sshconnect2.c, line: 454 -# File: sshconnect2.c, line: 488 -# File: sshconnect2.c, line: 661 -# File: sshconnect2.c, line: 713 -# File: sshconnect2.c, line: 796 -# File: sshconnect2.c, line: 821 -# File: sshconnect2.c, line: 1387 -# File: sshd.c, line: 1807 +# File: session.c, line: 287 +# File: session.c, line: 322 +# File: session.c, line: 374 +# File: session.c, line: 1560 +# File: session.c, line: 1667 +# File: session.c, line: 1681 +# File: session.c, line: 1727 +# File: session.c, line: 1795 +# File: session.c, line: 1805 +# File: session.c, line: 1815 msgid "Packet integrity error." msgstr "" # 
@@ -548,9 +548,9 @@ msgstr "" # File: ../common/channels.c, line: 2570 # File: ../common/channels.c, line: 2670 # File: ../common/channels.c, line: 2743 -# File: session.c, line: 200 # File: sshconnect.c, line: 206 # File: sshd.c, line: 1197 +# File: session.c, line: 207 #, c-format msgid "socket: %.100s" msgstr "" @@ -563,15 +563,15 @@ msgstr "" # # File: ../common/channels.c, line: 2284 # File: ../common/channels.c, line: 2286 -# File: session.c, line: 208 +# File: session.c, line: 215 #, c-format msgid "bind: %.100s" msgstr "" # # File: ../common/channels.c, line: 2293 # File: ../common/channels.c, line: 2714 -# File: session.c, line: 215 # File: sshd.c, line: 1230 +# File: session.c, line: 222 #, c-format msgid "listen: %.100s" msgstr "" 
@@ -719,55 +719,59 @@ msgstr "" msgid "cipher_init: iv length %d is insufficient for %s." msgstr "" # -# File: ../common/cipher.c, line: 229 +# File: ../common/cipher.c, line: 235 #, c-format msgid "cipher_init: EVP_CipherInit failed for %s" msgstr "" # -# File: ../common/cipher.c, line: 235 +# File: ../common/cipher.c, line: 241 #, c-format msgid "cipher_init: set keylen failed (%d -> %d)" msgstr "" # -# File: ../common/cipher.c, line: 239 +# File: ../common/cipher.c, line: 245 #, c-format msgid "cipher_init: EVP_CipherInit: set key failed for %s" msgstr "" # -# File: ../common/cipher.c, line: 248 +# File: ../common/cipher.c, line: 253 +msgid "cipher_init: EVP_Cipher failed during discard" +msgstr "" +# +# File: ../common/cipher.c, line: 264 #, c-format msgid "cipher_encrypt: bad plaintext length %d" msgstr "" # -# File: ../common/cipher.c, line: 251 +# File: ../common/cipher.c, line: 266 msgid "evp_crypt: EVP_Cipher failed" msgstr "" # -# File: ../common/cipher.c, line: 260 +# File: ../common/cipher.c, line: 273 msgid "cipher_cleanup: EVP_CIPHER_CTX_cleanup failed" msgstr "" # -# File: ../common/cipher.c, line: 354 +# File: ../common/cipher.c, line: 364 msgid "ssh1_3des_cbc: no context" msgstr "" # -# File: ../common/cipher.c, line: 487 +# File: ../common/cipher.c, line: 489 #, c-format msgid "%s: wrong iv length %d != %d" msgstr "" # -# File: ../common/cipher.c, line: 501 +# File: ../common/cipher.c, line: 502 #, c-format msgid "%s: bad 3des iv length: %d" msgstr "" # -# File: ../common/cipher.c, line: 504 +# File: ../common/cipher.c, line: 505 # File: ../common/cipher.c, line: 544 #, c-format msgid "%s: no 3des context" msgstr "" # -# File: ../common/cipher.c, line: 512 +# File: ../common/cipher.c, line: 513 # File: ../common/cipher.c, line: 552 #, c-format msgid "%s: bad cipher %d" 
@@ -1152,8 +1156,8 @@ msgid "" "\n" "The client cipher list can be controlled using the \"Ciphers\" " "option, \n" -"see ssh_config(4) for more information. The \"-o " -"Ciphers=<cipher-list>\"\n" +"see ssh_config(4) for more information. The \"-o Ciphers=<cipher-list>" +"\"\n" "option may be used to temporarily override the ciphers the client\n" "offers." msgstr "" @@ -1412,32 +1416,50 @@ msgstr "" msgid "Couldn't get MIC" msgstr "" # -# File: ../common/misc.c, line: 62 -# File: ../common/misc.c, line: 83 +# File: ../common/misc.c, line: 60 +# File: ../common/misc.c, line: 81 #, c-format msgid "fcntl(%d, F_GETFL, 0): %s" msgstr "" # -# File: ../common/misc.c, line: 106 +# File: ../common/misc.c, line: 104 #, c-format msgid "getsockopt TCP_NODELAY: %.100s" msgstr "" # -# File: ../common/misc.c, line: 116 +# File: ../common/misc.c, line: 114 #, c-format msgid "setsockopt TCP_NODELAY: %.100s" msgstr "" # -# File: ../common/misc.c, line: 408 +# File: ../common/misc.c, line: 406 msgid "replacearg: argument too long" msgstr "" # -# File: ../common/misc.c, line: 411 +# File: ../common/misc.c, line: 409 #, c-format msgid "replacearg: tried to replace invalid arg %d >= %d" msgstr "" # -# File: ../common/misc.c, line: 592 +# File: ../common/misc.c, line: 456 +msgid "percent_expand: NULL replacement" +msgstr "" +# +# File: ../common/misc.c, line: 461 +msgid "percent_expand: too many keys" +msgstr "" +# +# File: ../common/misc.c, line: 470 +# File: ../common/misc.c, line: 481 +msgid "percent_expand: string too long" +msgstr "" +# +# File: ../common/misc.c, line: 486 +#, c-format +msgid "percent_expand: unknown key %%%c" +msgstr "" +# +# File: ../common/misc.c, line: 654 # File: ../common/readconf.c, line: 499 # File: ../common/readconf.c, line: 537 # File: ../common/readconf.c, line: 558 
@@ -1546,8 +1568,8 @@ msgstr "" # # File: ../common/packet.c, line: 263 # File: ../common/packet.c, line: 267 -# File: altprivsep.c, line: 282 # File: sshd.c, line: 1624 +# File: altprivsep.c, line: 282 #, c-format msgid "fcntl O_NONBLOCK: %.100s" msgstr "" @@ -1581,8 +1603,8 @@ msgid "newkeys: no keys for mode %d" msgstr "" # # File: ../common/packet.c, line: 676 -# File: clientloop.c, line: 763 # File: ssh.c, line: 929 +# File: clientloop.c, line: 763 # File: sshd.c, line: 1136 #, c-format msgid "daemon() failed: %.200s" 
@@ -1860,56 +1882,86 @@ msgstr "" msgid "cfsetospeed failed for %d" msgstr "" # -# File: ../common/uidswap.c, line: 76 -# File: ../common/uidswap.c, line: 85 +# File: ../common/uidswap.c, line: 77 +# File: ../common/uidswap.c, line: 86 #, c-format msgid "getgroups: %.100s" msgstr "" # -# File: ../common/uidswap.c, line: 81 -# File: ../common/uidswap.c, line: 163 +# File: ../common/uidswap.c, line: 82 +# File: ../common/uidswap.c, line: 168 #, c-format msgid "initgroups: %s: %.100s" msgstr "" # -# File: ../common/uidswap.c, line: 89 -# File: ../common/uidswap.c, line: 146 +# File: ../common/uidswap.c, line: 90 +# File: ../common/uidswap.c, line: 147 #, c-format msgid "setgroups: %.100s" msgstr "" # -# File: ../common/uidswap.c, line: 100 -# File: ../common/uidswap.c, line: 140 +# File: ../common/uidswap.c, line: 101 +# File: ../common/uidswap.c, line: 141 #, c-format msgid "setegid %u: %.100s" msgstr "" # -# File: ../common/uidswap.c, line: 104 -# File: ../common/uidswap.c, line: 136 +# File: ../common/uidswap.c, line: 105 +# File: ../common/uidswap.c, line: 137 #, c-format msgid "seteuid %u: %.100s" msgstr "" # -# File: ../common/uidswap.c, line: 130 +# File: ../common/uidswap.c, line: 131 msgid "restore_uid: temporarily_use_uid not effective" msgstr "" # -# File: ../common/uidswap.c, line: 138 -# File: ../common/uidswap.c, line: 168 +# File: ../common/uidswap.c, line: 139 +# File: ../common/uidswap.c, line: 191 #, c-format msgid "setuid %u: %.100s" msgstr "" # -# File: ../common/uidswap.c, line: 142 -# File: ../common/uidswap.c, line: 166 +# File: ../common/uidswap.c, line: 143 +# File: ../common/uidswap.c, line: 172 #, c-format msgid "setgid %u: %.100s" msgstr "" # -# File: ../common/uidswap.c, line: 159 +# File: ../common/uidswap.c, line: 162 msgid "permanently_set_uid: temporarily_use_uid effective" msgstr "" # +# File: ../common/uidswap.c, line: 187 +# File: ../common/uidswap.c, line: 230 +# File: session.c, line: 2542 +#, c-format +msgid "setpflags: %s" 
+msgstr "" +# +# File: ../common/uidswap.c, line: 209 +# File: session.c, line: 2522 +#, c-format +msgid "priv_allocset: %s" +msgstr "" +# +# File: ../common/uidswap.c, line: 211 +# File: session.c, line: 2524 +#, c-format +msgid "getppriv: %s" +msgstr "" +# +# File: ../common/uidswap.c, line: 216 +# File: ../common/uidswap.c, line: 221 +msgid "permanently_set_uid: priv_addset failed" +msgstr "" +# +# File: ../common/uidswap.c, line: 226 +# File: session.c, line: 2532 +#, c-format +msgid "setppriv: %s" +msgstr "" +# # File: ../common/xmalloc.c, line: 29 msgid "xmalloc: zero size" msgstr "" @@ -1974,13 +2026,13 @@ msgid "too many unknown options found, can't continue" msgstr "" # # File: ../common/readconf.c, line: 346 -# File: servconf.c, line: 576 +# File: servconf.c, line: 583 #, c-format msgid "%s line %d: missing time value." msgstr "" # # File: ../common/readconf.c, line: 349 -# File: servconf.c, line: 579 +# File: servconf.c, line: 586 #, c-format msgid "%s line %d: invalid time value." msgstr "" @@ -2059,7 +2111,7 @@ msgid "%.200s line %d: Bad protocol spec '%s'." msgstr "" # # File: ../common/readconf.c, line: 698 -# File: servconf.c, line: 824 +# File: servconf.c, line: 831 #, c-format msgid "%.200s line %d: unsupported log level '%s'" msgstr "" 
@@ -2155,6 +2207,106 @@ msgstr "" msgid "Unknown status" msgstr "" # +# File: sftp-server.c, line: 481 +# File: ../sftp-server/sftp-server.c, line: 481 +#, c-format +msgid "received client version %d" +msgstr "" +# +# File: sftp-server.c, line: 560 +# File: ../sftp-server/sftp-server.c, line: 560 +msgid "process_read: seek failed" +msgstr "" +# +# File: sftp-server.c, line: 599 +# File: ../sftp-server/sftp-server.c, line: 599 +msgid "process_write: seek failed" +msgstr "" +# +# File: sftp-server.c, line: 604 +# File: ../sftp-server/sftp-server.c, line: 604 +msgid "process_write: write failed" +msgstr "" +# +# File: sftp-server.c, line: 630 +# File: ../sftp-server/sftp-server.c, line: 630 +#, c-format +msgid "%sstat name \"%s\"" +msgstr "" +# +# File: sftp-server.c, line: 957 +# File: ../sftp-server/sftp-server.c, line: 957 +#, c-format +msgid "realpath \"%s\"" +msgstr "" +# +# File: sftp-server.c, line: 1036 +# File: ../sftp-server/sftp-server.c, line: 1036 +#, c-format +msgid "readlink \"%s\"" +msgstr "" +# +# File: sftp-server.c, line: 1099 +# File: ../sftp-server/sftp-server.c, line: 1099 +#, c-format +msgid "bad message from %s local user %s" +msgstr "" +# +# File: sftp-server.c, line: 1170 +# File: ../sftp-server/sftp-server.c, line: 1170 +# File: ssh-agent.c, line: 623 +#, c-format +msgid "Unknown message %d" +msgstr "" +# +# File: sftp-server.c, line: 1175 +# File: ../sftp-server/sftp-server.c, line: 1175 +msgid "iqueue grew unexpectedly" +msgstr "" +# +# File: sftp-server.c, line: 1178 +# File: ../sftp-server/sftp-server.c, line: 1178 +#, c-format +msgid "msg_len %d < consumed %d" +msgstr "" +# +# File: sftp-server.c, line: 1240 +# File: ../sftp-server/sftp-server.c, line: 1240 +#, c-format +msgid "Invalid log level \"%s\"" +msgstr "" +# +# File: sftp-server.c, line: 1245 +# File: ../sftp-server/sftp-server.c, line: 1245 +#, c-format +msgid "Invalid log facility \"%s\"" +msgstr "" +# +# File: sftp-server.c, line: 1258 +# File: ../sftp-server/sftp-server.c, 
line: 1258 +#, c-format +msgid "Malformed SSH_CONNECTION variable: \"%s\"" +msgstr "" +# +# File: sftp-server.c, line: 1310 +# File: ../sftp-server/sftp-server.c, line: 1310 +# File: ssh-agent.c, line: 1092 +#, c-format +msgid "select: %s" +msgstr "" +# +# File: sftp-server.c, line: 1321 +# File: ../sftp-server/sftp-server.c, line: 1321 +#, c-format +msgid "read: %s" +msgstr "" +# +# File: sftp-server.c, line: 1331 +# File: ../sftp-server/sftp-server.c, line: 1331 +#, c-format +msgid "write: %s" +msgstr "" +# # File: ssh.c, line: 159 #, c-format msgid "" @@ -2167,8 +2319,8 @@ msgid "" " -a Disable authentication agent forwarding (default).\n" " -X Enable X11 connection forwarding.\n" " -x Disable X11 connection forwarding (default).\n" -" -i file Identity for public key authentication (default: " -"~/.ssh/identity)\n" +" -i file Identity for public key authentication (default: ~/.ssh/" +"identity)\n" " -t Tty; allocate a tty even if command is given.\n" " -T Do not allocate a tty.\n" " -v Verbose; display verbose debugging messages.\n" @@ -2185,8 +2337,8 @@ msgid "" " -R listen-port:host:port Forward remote port to local address\n" " These cause %s to listen for connections on a port, " "and\n" -" forward them to the other side by connecting to " -"host:port.\n" +" forward them to the other side by connecting to host:" +"port.\n" " -D port Enable dynamic application-level port forwarding.\n" " -C Enable compression.\n" " -N Do not execute a shell or command.\n" @@ -2211,6 +2363,7 @@ msgid "You don't exist, go away!" msgstr "" # # File: ssh.c, line: 322 +#, c-format msgid "Warning: Option -P has been deprecated\n" msgstr "" # @@ -2224,8 +2377,8 @@ msgstr "" msgid "Too many identity files specified (max %d)" msgstr "" # -# File: ssh-keyscan.c, line: 725 # File: ssh.c, line: 363 +# File: ssh-keyscan.c, line: 725 msgid "Too high debugging level." msgstr "" # 
@@ -2249,8 +2402,8 @@ msgstr "" msgid "Unknown mac type '%s'\n" msgstr "" # -# File: ssh-keyscan.c, line: 704 # File: ssh.c, line: 431 +# File: ssh-keyscan.c, line: 704 #, c-format msgid "Bad port '%s'\n" msgstr "" @@ -2271,6 +2424,7 @@ msgid "Bad dynamic forwarding specification '%s'\n" msgstr "" # # File: ssh.c, line: 538 +#, c-format msgid "You must specify a subsystem to invoke.\n" msgstr "" # @@ -2334,12 +2488,6 @@ msgstr "" msgid "Protocol error waiting for X11 forwarding" msgstr "" # -# File: clientloop.c, line: 1341 -# File: clientloop.c, line: 1351 -# File: clientloop.c, line: 1360 -# File: clientloop.c, line: 1387 -# File: clientloop.c, line: 1427 -# File: clientloop.c, line: 1543 # File: ssh.c, line: 918 # File: ssh.c, line: 966 # File: sshconnect1.c, line: 122 @@ -2355,6 +2503,12 @@ msgstr "" # File: sshconnect2.c, line: 796 # File: sshconnect2.c, line: 821 # File: sshconnect2.c, line: 1387 +# File: clientloop.c, line: 1341 +# File: clientloop.c, line: 1351 +# File: clientloop.c, line: 1360 +# File: clientloop.c, line: 1387 +# File: clientloop.c, line: 1427 +# File: clientloop.c, line: 1543 #, c-format msgid "Packet integrity error (%d bytes remaining) at %s:%d" msgstr "" @@ -2386,9 +2540,9 @@ msgstr "" msgid "Could not create pipes to communicate with the proxy: %.100s" msgstr "" # -# File: session.c, line: 455 -# File: session.c, line: 574 # File: sshconnect.c, line: 160 +# File: session.c, line: 462 +# File: session.c, line: 584 #, c-format msgid "fork failed: %.100s" msgstr "" @@ -2709,8 +2863,8 @@ msgstr "" # File: sshconnect1.c, line: 537 #, c-format msgid "" -"Warning: Server lies about size of server public key: actual size is " -"%d bits vs. announced %d." +"Warning: Server lies about size of server public key: actual size is %" +"d bits vs. announced %d." msgstr "" # # File: sshconnect1.c, line: 539 
@@ -2844,10 +2998,10 @@ msgstr "" msgid "input_userauth_passwd_changereq: no authentication context" msgstr "" # -# File: auth.c, line: 568 # File: sshconnect2.c, line: 981 # File: sshconnect2.c, line: 1357 # File: sshconnect2.c, line: 1359 +# File: auth.c, line: 568 #, c-format msgid "%s" msgstr "" @@ -2928,8 +3082,8 @@ msgstr "" msgid "userauth_hostbased: cannot get local ipaddr/name" msgstr "" # -# File: ssh-keysign.c, line: 249 # File: sshconnect2.c, line: 1540 +# File: ssh-keysign.c, line: 249 msgid "key_sign failed" msgstr "" # @@ -2979,7 +3133,7 @@ msgid "" msgstr "" # # File: clientloop.c, line: 688 -# File: sftp.c, line: 894 +# File: sftp.c, line: 898 msgid "Invalid command." msgstr "" # @@ -3131,26 +3285,32 @@ msgid "" msgstr "" # # File: sshd.c, line: 883 +#, c-format msgid "Debug level too high.\n" msgstr "" # # File: sshd.c, line: 908 +#, c-format msgid "too many ports.\n" msgstr "" # # File: sshd.c, line: 913 +#, c-format msgid "Bad port number.\n" msgstr "" # # File: sshd.c, line: 920 +#, c-format msgid "Invalid login grace time.\n" msgstr "" # # File: sshd.c, line: 927 +#, c-format msgid "Invalid key regeneration interval.\n" msgstr "" # # File: sshd.c, line: 935 +#, c-format msgid "too many host keys.\n" msgstr "" # @@ -3165,6 +3325,7 @@ msgid "Could not load host key: %s" msgstr "" # # File: sshd.c, line: 1057 +#, c-format msgid "Bad server key size.\n" msgstr "" # @@ -3190,9 +3351,9 @@ msgstr "" msgid "Cannot bind any address." msgstr "" # +# File: sshd.c, line: 1305 # File: serverloop.c, line: 357 # File: serverloop.c, line: 814 -# File: sshd.c, line: 1305 #, c-format msgid "select: %.100s" msgstr "" @@ -3308,8 +3469,8 @@ msgstr "" # File: altprivsep.c, line: 1036 #, c-format msgid "" -"Protocol error in privilege separation; expected packet type %d, got " -"%d" +"Protocol error in privilege separation; expected packet type %d, got %" +"d" msgstr "" # # File: altprivsep.c, line: 1080 
@@ -3370,11 +3531,11 @@ msgstr "" msgid "input_userauth_request: no authctxt" msgstr "" # +# File: auth2.c, line: 280 # File: auth2-hostbased.c, line: 69 # File: auth2-none.c, line: 104 # File: auth2-passwd.c, line: 51 # File: auth2-pubkey.c, line: 66 -# File: auth2.c, line: 280 #, c-format msgid "%s: missing context" msgstr "" @@ -3481,8 +3642,8 @@ msgid "" "%d)" msgstr "" # -# File: auth-rsa.c, line: 331 # File: auth2-pubkey.c, line: 293 +# File: auth-rsa.c, line: 331 #, c-format msgid "Found matching %s key: %s" msgstr "" 
@@ -3616,194 +3777,199 @@ msgstr "" msgid "%s: Error reading from %s: Expecting %d, got %d" msgstr "" # -# File: servconf.c, line: 471 +# File: servconf.c, line: 477 #, c-format msgid "%s: line %d: Bad configuration option: %s" msgstr "" # -# File: servconf.c, line: 503 +# File: servconf.c, line: 509 #, c-format msgid "bad addr or host: %s (%s)" msgstr "" # -# File: servconf.c, line: 544 +# File: servconf.c, line: 551 #, c-format msgid "%s line %d: ports must be specified before ListenAddress." msgstr "" # -# File: servconf.c, line: 547 +# File: servconf.c, line: 554 #, c-format msgid "%s line %d: too many ports." msgstr "" # -# File: servconf.c, line: 551 +# File: servconf.c, line: 558 #, c-format msgid "%s line %d: missing port number." msgstr "" # -# File: servconf.c, line: 555 +# File: servconf.c, line: 562 #, c-format msgid "%s line %d: Badly formatted port number." msgstr "" # -# File: servconf.c, line: 564 +# File: servconf.c, line: 571 #, c-format msgid "%s line %d: missing integer value." msgstr "" # -# File: servconf.c, line: 592 +# File: servconf.c, line: 599 #, c-format msgid "%s line %d: missing inet addr." msgstr "" # -# File: servconf.c, line: 596 +# File: servconf.c, line: 603 #, c-format msgid "%s line %d: bad ipv6 inet addr usage." msgstr "" # -# File: servconf.c, line: 610 +# File: servconf.c, line: 617 #, c-format msgid "%s line %d: bad inet addr:port usage." msgstr "" # -# File: servconf.c, line: 615 +# File: servconf.c, line: 622 #, c-format msgid "%s line %d: bad port number." msgstr "" # -# File: servconf.c, line: 622 +# File: servconf.c, line: 629 #, c-format msgid "%s line %d: bad inet addr usage." msgstr "" # -# File: servconf.c, line: 629 +# File: servconf.c, line: 636 #, c-format msgid "%s line %d: too many host keys specified (max %d)." msgstr "" # -# File: servconf.c, line: 635 +# File: servconf.c, line: 642 #, c-format msgid "%s line %d: missing file name." 
msgstr "" # -# File: servconf.c, line: 653 +# File: servconf.c, line: 660 #, c-format msgid "" "%s line %d: missing yes/without-password/forced-commands-only/no " "argument." msgstr "" # -# File: servconf.c, line: 666 +# File: servconf.c, line: 673 #, c-format msgid "" "%s line %d: Bad yes/without-password/forced-commands-only/no " "argument: %s" msgstr "" # -# File: servconf.c, line: 678 +# File: servconf.c, line: 685 #, c-format msgid "%s line %d: missing yes/no argument." msgstr "" # -# File: servconf.c, line: 686 +# File: servconf.c, line: 693 #, c-format msgid "%s line %d: Bad yes/no argument: %s" msgstr "" # -# File: servconf.c, line: 800 +# File: servconf.c, line: 807 #, c-format msgid "%.200s line %d: Bad yes/no/clientspecified argument." msgstr "" # -# File: servconf.c, line: 813 +# File: servconf.c, line: 820 #, c-format msgid "%.200s line %d: unsupported log facility '%s'" msgstr "" # -# File: servconf.c, line: 844 +# File: servconf.c, line: 851 #, c-format msgid "%s line %d: too many allow users." msgstr "" # -# File: servconf.c, line: 854 +# File: servconf.c, line: 861 #, c-format msgid "%s line %d: too many deny users." msgstr "" # -# File: servconf.c, line: 864 +# File: servconf.c, line: 871 #, c-format msgid "%s line %d: too many allow groups." msgstr "" # -# File: servconf.c, line: 874 +# File: servconf.c, line: 881 #, c-format msgid "%s line %d: too many deny groups." msgstr "" # -# File: servconf.c, line: 883 -# File: servconf.c, line: 894 -# File: servconf.c, line: 906 +# File: servconf.c, line: 890 +# File: servconf.c, line: 901 +# File: servconf.c, line: 913 #, c-format msgid "%s line %d: Missing argument." msgstr "" # -# File: servconf.c, line: 885 +# File: servconf.c, line: 892 #, c-format msgid "%s line %d: Bad SSH2 cipher spec '%s'." msgstr "" # -# File: servconf.c, line: 896 +# File: servconf.c, line: 903 #, c-format msgid "%s line %d: Bad SSH2 mac spec '%s'." 
msgstr "" # -# File: servconf.c, line: 909 +# File: servconf.c, line: 916 #, c-format msgid "%s line %d: Bad protocol spec '%s'." msgstr "" # -# File: servconf.c, line: 917 +# File: servconf.c, line: 924 #, c-format msgid "%s line %d: too many subsystems defined." msgstr "" # -# File: servconf.c, line: 922 +# File: servconf.c, line: 929 #, c-format msgid "%s line %d: Missing subsystem name." msgstr "" # -# File: servconf.c, line: 926 +# File: servconf.c, line: 933 #, c-format msgid "%s line %d: Subsystem '%s' already defined." msgstr "" # -# File: servconf.c, line: 931 +# File: servconf.c, line: 938 #, c-format msgid "%s line %d: Missing subsystem command." msgstr "" # -# File: servconf.c, line: 940 +# File: servconf.c, line: 963 #, c-format msgid "%s line %d: Missing MaxStartups spec." msgstr "" # -# File: servconf.c, line: 950 -# File: servconf.c, line: 953 +# File: servconf.c, line: 973 +# File: servconf.c, line: 976 #, c-format msgid "%s line %d: Illegal MaxStartups spec." msgstr "" # -# File: servconf.c, line: 1007 +# File: servconf.c, line: 1028 +#, c-format +msgid "%s line %d: missing directory name for ChrootDirectory." +msgstr "" +# +# File: servconf.c, line: 1042 #, c-format msgid "%s line %d: Missing handler for opcode %s (%d)" msgstr "" # -# File: servconf.c, line: 1011 +# File: servconf.c, line: 1046 #, c-format msgid "%s line %d: garbage at end of line; \"%.200s\"." msgstr "" # -# File: servconf.c, line: 1039 +# File: servconf.c, line: 1074 #, c-format msgid "%s: terminating, %d bad configuration options" msgstr "" @@ -3852,7 +4018,7 @@ msgid "Command terminated on signal %d." msgstr "" # # File: serverloop.c, line: 748 -# File: session.c, line: 2065 +# File: session.c, line: 2146 #, c-format msgid "wait returned status %04x." msgstr "" 
@@ -3870,215 +4036,244 @@ msgstr "" msgid "server_input_channel_req: unknown channel %d" msgstr "" # -# File: session.c, line: 168 +# File: session.c, line: 175 msgid "authentication forwarding requested twice." msgstr "" # -# File: session.c, line: 182 +# File: session.c, line: 189 #, c-format msgid "Agent forwarding disabled: mkdtemp() failed: %.100s" msgstr "" # -# File: session.c, line: 282 +# File: session.c, line: 289 #, c-format msgid "Received illegal compression level %d." msgstr "" # -# File: session.c, line: 407 +# File: session.c, line: 414 #, c-format msgid "Could not create socket pairs: %.100s" msgstr "" # -# File: session.c, line: 411 +# File: session.c, line: 418 msgid "do_exec_no_pty: no session" msgstr "" # -# File: session.c, line: 428 +# File: session.c, line: 435 #, c-format msgid "setsid failed: %.100s" msgstr "" # -# File: session.c, line: 494 +# File: session.c, line: 504 msgid "do_exec_pty: no session" msgstr "" # -# File: session.c, line: 512 +# File: session.c, line: 522 #, c-format msgid "pipe failed: %.100s" msgstr "" # -# File: session.c, line: 533 +# File: session.c, line: 543 #, c-format msgid "dup2 stdin: %s" msgstr "" # -# File: session.c, line: 535 +# File: session.c, line: 545 #, c-format msgid "dup2 stdout: %s" msgstr "" # -# File: session.c, line: 537 +# File: session.c, line: 547 #, c-format msgid "dup2 stderr: %s" msgstr "" # -# File: session.c, line: 588 +# File: session.c, line: 598 #, c-format msgid "dup #1 failed: %.100s" msgstr "" # -# File: session.c, line: 593 +# File: session.c, line: 603 #, c-format msgid "dup #2 failed: %.100s" msgstr "" # -# File: session.c, line: 776 +# File: session.c, line: 786 #, c-format msgid "child_set_env: too many env vars, skipping: %.100s" msgstr "" # -# File: session.c, line: 812 +# File: session.c, line: 822 #, c-format msgid "Too many lines in environment file %s" msgstr "" # -# File: session.c, line: 821 +# File: session.c, line: 831 #, c-format msgid "Bad line %u in %.100s\n" 
msgstr "" # -# File: session.c, line: 908 +# File: session.c, line: 918 #, c-format msgid "Could not set ULIMIT to %ld from %s\n" msgstr "" # -# File: session.c, line: 1060 +# File: session.c, line: 1070 +#, c-format msgid "Environment:\n" msgstr "" # -# File: session.c, line: 1165 +# File: session.c, line: 1196 +msgid "chroot path does not begin at root" +msgstr "" +# +# File: session.c, line: 1198 +msgid "chroot path too long" +msgstr "" +# +# File: session.c, line: 1217 +#, c-format +msgid "%s: stat(\"%s\"): %s" +msgstr "" +# +# File: session.c, line: 1220 +#, c-format +msgid "bad ownership or modes for chroot directory %s\"%s\"" +msgstr "" +# +# File: session.c, line: 1224 #, c-format -msgid "setlogin failed: %s" +msgid "chroot path %s\"%s\" is not a directory" msgstr "" # -# File: session.c, line: 1182 +# File: session.c, line: 1229 #, c-format -msgid "Failed to set uids to %u." +msgid "Unable to chdir to chroot path \"%s\": %s" msgstr "" # -# File: session.c, line: 1301 +# File: session.c, line: 1232 #, c-format -msgid "Could not chdir to home directory %s: %s\n" +msgid "chroot(\"%s\"): %s" msgstr "" # -# File: session.c, line: 1415 +# File: session.c, line: 1234 +#, c-format +msgid "%s: chdir(/) after chroot: %s" +msgstr "" +# +# File: session.c, line: 1236 +#, c-format +msgid "Changed root directory to \"%s\"" +msgstr "" +# +# File: session.c, line: 1492 msgid "no more sessions" msgstr "" # -# File: session.c, line: 1421 -# File: session.c, line: 2203 +# File: session.c, line: 1498 +# File: session.c, line: 2284 #, c-format msgid "no user for session %d" msgstr "" # -# File: session.c, line: 1471 +# File: session.c, line: 1548 #, c-format msgid "session_by_pid: unknown pid %ld" msgstr "" # -# File: session.c, line: 1499 +# File: session.c, line: 1576 msgid "Protocol error: you already have a pty." 
msgstr "" # -# File: session.c, line: 1569 +# File: session.c, line: 1646 #, c-format msgid "session_pty_req: session %d alloc failed" msgstr "" # -# File: session.c, line: 1611 +# File: session.c, line: 1691 #, c-format msgid "subsystem: cannot stat %s: %s" msgstr "" # -# File: session.c, line: 1679 +# File: session.c, line: 1760 #, c-format msgid "" "failed to create the temporary X authority file %s: %.100s; will use " "the default one" msgstr "" # -# File: session.c, line: 1685 +# File: session.c, line: 1766 #, c-format msgid "cannot remove xauth directory %s: %.100s" msgstr "" # -# File: session.c, line: 1703 +# File: session.c, line: 1784 #, c-format msgid "" "failed to create a directory for the temporary X authority file: " "%.100s; will use the default xauth file" msgstr "" # -# File: session.c, line: 1807 +# File: session.c, line: 1888 #, c-format msgid "Missing locale support for %s=%s" msgstr "" # -# File: session.c, line: 1812 +# File: session.c, line: 1893 #, c-format msgid "Channel %d set: %s=%s" msgstr "" # -# File: session.c, line: 1917 +# File: session.c, line: 1998 msgid "session_set_fds: called for proto != 2.0" msgstr "" # -# File: session.c, line: 1924 +# File: session.c, line: 2005 #, c-format msgid "no channel for session %d" msgstr "" # -# File: session.c, line: 1943 +# File: session.c, line: 2024 msgid "session_pty_cleanup: no session" msgstr "" # -# File: session.c, line: 1974 +# File: session.c, line: 2055 #, c-format msgid "close(s->ptymaster/%d): %s" msgstr "" # -# File: session.c, line: 1997 +# File: session.c, line: 2078 msgid "session_xauthfile_cleanup: no session" msgstr "" # -# File: session.c, line: 2005 +# File: session.c, line: 2086 #, c-format msgid "session_xauthfile_cleanup: cannot remove xauth file: %.100s" msgstr "" # -# File: session.c, line: 2012 +# File: session.c, line: 2093 #, c-format msgid "session_xauthfile_cleanup: cannot remove xauth directory: %.100s" msgstr "" # -# File: session.c, line: 2045 +# File: 
session.c, line: 2126 #, c-format msgid "session_exit_message: session %d: no channel %d" msgstr "" # -# File: session.c, line: 2216 +# File: session.c, line: 2297 msgid "X11 forwarding disabled in user configuration file." msgstr "" # -# File: session.c, line: 2225 +# File: session.c, line: 2306 msgid "No xauth program; cannot forward with spoofing." msgstr "" # -# File: session.c, line: 2229 +# File: session.c, line: 2310 msgid "X11 forwarding disabled; not compatible with UseLogin=yes." msgstr "" # -# File: session.c, line: 2246 +# File: session.c, line: 2327 #, c-format msgid "gethostname: %.100s" msgstr "" @@ -4174,6 +4369,7 @@ msgid "do_local_cmd: no arguments" msgstr "" # # File: scp.c, line: 168 +#, c-format msgid "Executing:" msgstr "" # @@ -4203,7 +4399,7 @@ msgid "pipe: %s" msgstr "" # # File: scp.c, line: 256 -# File: sftp.c, line: 1346 +# File: sftp.c, line: 1403 #, c-format msgid "fork: %s" msgstr "" @@ -4224,6 +4420,7 @@ msgid "Entering directory: %s" msgstr "" # # File: scp.c, line: 1064 +#, c-format msgid "" "Usage: scp [-pqrvBC46] [-F config] [-S program] [-P port]\n" " [-c cipher] [-i identity] [-o option]\n" @@ -4251,10 +4448,12 @@ msgid "Could not remove identity: %s\n" msgstr "" # # File: ssh-add.c, line: 125 +#, c-format msgid "All identities removed.\n" msgstr "" # # File: ssh-add.c, line: 127 +#, c-format msgid "Failed to remove all identities.\n" msgstr "" # 
@@ -4286,30 +4485,37 @@ msgstr "" # File: ssh-add.c, line: 217 # File: ssh-keygen.c, line: 421 # File: ssh-keygen.c, line: 533 +#, c-format msgid "key_write failed" msgstr "" # # File: ssh-add.c, line: 225 +#, c-format msgid "The agent has no identities.\n" msgstr "" # # File: ssh-add.c, line: 243 +#, c-format msgid "Passwords do not match.\n" msgstr "" # # File: ssh-add.c, line: 251 +#, c-format msgid "Agent locked.\n" msgstr "" # # File: ssh-add.c, line: 253 +#, c-format msgid "Agent unlocked.\n" msgstr "" # # File: ssh-add.c, line: 257 +#, c-format msgid "Failed to lock agent.\n" msgstr "" # # File: ssh-add.c, line: 259 +#, c-format msgid "Failed to unlock agent.\n" msgstr "" # @@ -4328,10 +4534,12 @@ msgid "" msgstr "" # # File: ssh-add.c, line: 315 +#, c-format msgid "Could not open a connection to your authentication agent.\n" msgstr "" # # File: ssh-add.c, line: 343 +#, c-format msgid "Invalid lifetime\n" msgstr "" # @@ -4354,12 +4562,6 @@ msgstr "" msgid "process_remove_identity: internal error: tab->nentries %d" msgstr "" # -# File: sftp-server.c, line: 1170 -# File: ssh-agent.c, line: 623 -#, c-format -msgid "Unknown message %d" -msgstr "" -# # File: ssh-agent.c, line: 637 #, c-format msgid "fcntl O_NONBLOCK: %s" @@ -4438,13 +4640,8 @@ msgstr "" msgid "setrlimit RLIMIT_CORE: %s" msgstr "" # -# File: sftp-server.c, line: 1311 -# File: ssh-agent.c, line: 1092 -#, c-format -msgid "select: %s" -msgstr "" -# # File: ssh-keygen.c, line: 113 +#, c-format msgid "bad key type" msgstr "" # @@ -4464,10 +4661,12 @@ msgstr "" # # File: ssh-keygen.c, line: 167 # File: ssh-keygen.c, line: 417 +#, c-format msgid "load failed\n" msgstr "" # # File: ssh-keygen.c, line: 172 +#, c-format msgid "key_to_blob failed\n" msgstr "" # 
@@ -4502,14 +4701,17 @@ msgid "" msgstr "" # # File: ssh-keygen.c, line: 377 +#, c-format msgid "uudecode failed.\n" msgstr "" # # File: ssh-keygen.c, line: 384 +#, c-format msgid "decode blob failed.\n" msgstr "" # # File: ssh-keygen.c, line: 393 +#, c-format msgid "key write failed" msgstr "" # @@ -4587,6 +4789,7 @@ msgid "%s is not a valid known_host file.\n" msgstr "" # # File: ssh-keygen.c, line: 683 +#, c-format msgid "Not replacing existing known_hosts file because of errors\n" msgstr "" # @@ -4621,6 +4824,7 @@ msgid "WARNING: %s contains unhashed entries\n" msgstr "" # # File: ssh-keygen.c, line: 714 +#, c-format msgid "Delete this file to ensure privacy of hostnames\n" msgstr "" # @@ -4630,6 +4834,7 @@ msgstr "" # # File: ssh-keygen.c, line: 755 # File: ssh-keygen.c, line: 842 +#, c-format msgid "Bad passphrase.\n" msgstr "" # @@ -4648,6 +4853,7 @@ msgid "Enter same passphrase again: " msgstr "" # # File: ssh-keygen.c, line: 778 +#, c-format msgid "Pass phrases do not match. Try again.\n" msgstr "" # @@ -4659,10 +4865,12 @@ msgid "Saving the key failed: %s.\n" msgstr "" # # File: ssh-keygen.c, line: 802 +#, c-format msgid "Your identification has been saved with the new passphrase.\n" msgstr "" # # File: ssh-keygen.c, line: 849 +#, c-format msgid "Comments are only supported for RSA1 keys.\n" msgstr "" # @@ -4672,6 +4880,7 @@ msgid "Key now has comment '%s'\n" msgstr "" # # File: ssh-keygen.c, line: 859 +#, c-format msgid "Enter new comment: " msgstr "" # @@ -4689,10 +4898,12 @@ msgstr "" # # File: ssh-keygen.c, line: 897 # File: ssh-keygen.c, line: 1189 +#, c-format msgid "write key failed" msgstr "" # # File: ssh-keygen.c, line: 904 +#, c-format msgid "The comment in your key file has been changed.\n" msgstr "" # 
@@ -4721,22 +4932,27 @@ msgid "" msgstr "" # # File: ssh-keygen.c, line: 968 +#, c-format msgid "You don't exist, go away!\n" msgstr "" # # File: ssh-keygen.c, line: 983 +#, c-format msgid "Bits has bad value.\n" msgstr "" # # File: ssh-keygen.c, line: 1051 +#, c-format msgid "Too many arguments.\n" msgstr "" # # File: ssh-keygen.c, line: 1055 +#, c-format msgid "Can only have one of -p and -c.\n" msgstr "" # # File: ssh-keygen.c, line: 1076 +#, c-format msgid "You must specify a key type (-t).\n" msgstr "" # @@ -4751,6 +4967,7 @@ msgid "Generating public/private %s key pair.\n" msgstr "" # # File: ssh-keygen.c, line: 1090 +#, c-format msgid "key_generate failed" msgstr "" # @@ -4783,6 +5000,7 @@ msgid "Enter passphrase (empty for no passphrase): " msgstr "" # # File: ssh-keygen.c, line: 1141 +#, c-format msgid "Passphrases do not match. Try again.\n" msgstr "" # @@ -4797,6 +5015,7 @@ msgid "Your public key has been saved in %s.\n" msgstr "" # # File: ssh-keygen.c, line: 1197 +#, c-format msgid "The key fingerprint is:\n" msgstr "" # 
@@ -4943,83 +5162,8 @@ msgstr "" msgid "%s: not enough file descriptors" msgstr "" # -# File: sftp-server.c, line: 481 -#, c-format -msgid "received client version %d" -msgstr "" -# -# File: sftp-server.c, line: 560 -msgid "process_read: seek failed" -msgstr "" -# -# File: sftp-server.c, line: 599 -msgid "process_write: seek failed" -msgstr "" -# -# File: sftp-server.c, line: 604 -msgid "process_write: write failed" -msgstr "" -# -# File: sftp-server.c, line: 630 -#, c-format -msgid "%sstat name \"%s\"" -msgstr "" -# -# File: sftp-server.c, line: 957 -#, c-format -msgid "realpath \"%s\"" -msgstr "" -# -# File: sftp-server.c, line: 1036 -#, c-format -msgid "readlink \"%s\"" -msgstr "" -# -# File: sftp-server.c, line: 1099 -#, c-format -msgid "bad message from %s local user %s" -msgstr "" -# -# File: sftp-server.c, line: 1175 -msgid "iqueue grew unexpectedly" -msgstr "" -# -# File: sftp-server.c, line: 1178 -#, c-format -msgid "msg_len %d < consumed %d" -msgstr "" -# -# File: sftp-server.c, line: 1239 -#, c-format -msgid "Invalid log level \"%s\"" -msgstr "" -# -# File: sftp-server.c, line: 1244 -#, c-format -msgid "Invalid log facility \"%s\"" -msgstr "" -# -# File: sftp-server.c, line: 1257 +# File: sftp.c, line: 176 #, c-format -msgid "Malformed SSH_CONNECTION variable: \"%s\"" -msgstr "" -# -# File: sftp-server.c, line: 1264 -#, c-format -msgid "No user found for uid %lu" -msgstr "" -# -# File: sftp-server.c, line: 1322 -#, c-format -msgid "read: %s" -msgstr "" -# -# File: sftp-server.c, line: 1332 -#, c-format -msgid "write: %s" -msgstr "" -# -# File: sftp.c, line: 172 msgid "" "Available commands:\n" "cd path Change remote directory to 'path'\n" 
@@ -5052,213 +5196,231 @@ msgid "" "? Synonym for help\n" msgstr "" # -# File: sftp.c, line: 216 +# File: sftp.c, line: 220 #, c-format msgid "Couldn't fork: %s" msgstr "" # -# File: sftp.c, line: 227 +# File: sftp.c, line: 231 #, c-format msgid "Couldn't execute \"%s\": %s\n" msgstr "" # -# File: sftp.c, line: 233 +# File: sftp.c, line: 237 #, c-format msgid "Couldn't wait for child: %s" msgstr "" # -# File: sftp.c, line: 235 +# File: sftp.c, line: 239 msgid "Shell exited abnormally" msgstr "" # -# File: sftp.c, line: 237 +# File: sftp.c, line: 241 #, c-format msgid "Shell exited with status %d" msgstr "" # -# File: sftp.c, line: 316 +# File: sftp.c, line: 320 msgid "Invalid path" msgstr "" # -# File: sftp.c, line: 337 -# File: sftp.c, line: 389 +# File: sftp.c, line: 341 +# File: sftp.c, line: 393 #, c-format msgid "Invalid flag -%c" msgstr "" # -# File: sftp.c, line: 427 +# File: sftp.c, line: 431 msgid "Unterminated quote" msgstr "" # -# File: sftp.c, line: 434 +# File: sftp.c, line: 438 #, c-format msgid "Bad escaped character '\\%c'" msgstr "" # -# File: sftp.c, line: 443 +# File: sftp.c, line: 447 msgid "Empty quotes" msgstr "" # -# File: sftp.c, line: 483 +# File: sftp.c, line: 487 #, c-format msgid "stat %s: %s" msgstr "" # -# File: sftp.c, line: 517 -# File: sftp.c, line: 585 +# File: sftp.c, line: 521 +# File: sftp.c, line: 589 #, c-format msgid "File \"%s\" not found." 
msgstr "" # -# File: sftp.c, line: 524 -# File: sftp.c, line: 592 +# File: sftp.c, line: 528 +# File: sftp.c, line: 596 #, c-format msgid "Multiple files match, but \"%s\" is not a directory" msgstr "" # -# File: sftp.c, line: 554 +# File: sftp.c, line: 558 #, c-format msgid "Fetching %s to %s\n" msgstr "" # -# File: sftp.c, line: 600 +# File: sftp.c, line: 604 #, c-format msgid "skipping non-regular file %s" msgstr "" # -# File: sftp.c, line: 627 +# File: sftp.c, line: 631 #, c-format msgid "Uploading %s to %s\n" msgstr "" # -# File: sftp.c, line: 656 +# File: sftp.c, line: 660 msgid "Unknown ls sort type" msgstr "" # -# File: sftp.c, line: 761 +# File: sftp.c, line: 765 #, c-format msgid "Can't ls: \"%s\" not found" msgstr "" # -# File: sftp.c, line: 910 +# File: sftp.c, line: 914 #, c-format msgid "You must specify at least one path after a %s command." msgstr "" # -# File: sftp.c, line: 925 +# File: sftp.c, line: 929 #, c-format msgid "You must specify two paths after a %s command." msgstr "" # -# File: sftp.c, line: 940 -# File: sftp.c, line: 988 +# File: sftp.c, line: 944 +# File: sftp.c, line: 992 #, c-format msgid "You must specify a path after a %s command." msgstr "" # -# File: sftp.c, line: 969 -# File: sftp.c, line: 978 +# File: sftp.c, line: 973 +# File: sftp.c, line: 982 #, c-format msgid "You must supply a numeric argument to the %s command." 
msgstr "" # -# File: sftp.c, line: 1001 +# File: sftp.c, line: 1005 msgid "Command not implemented" msgstr "" # -# File: sftp.c, line: 1057 +# File: sftp.c, line: 1061 #, c-format msgid "Removing %s\n" msgstr "" # -# File: sftp.c, line: 1086 +# File: sftp.c, line: 1090 msgid "Can't change directory: Can't check target" msgstr "" # -# File: sftp.c, line: 1092 +# File: sftp.c, line: 1096 #, c-format msgid "Can't change directory: \"%s\" is not a directory" msgstr "" # -# File: sftp.c, line: 1117 +# File: sftp.c, line: 1121 #, c-format msgid "Couldn't change local directory to \"%s\": %s" msgstr "" # -# File: sftp.c, line: 1124 +# File: sftp.c, line: 1128 #, c-format msgid "Couldn't create local directory \"%s\": %s" msgstr "" # -# File: sftp.c, line: 1137 +# File: sftp.c, line: 1141 #, c-format msgid "Local umask: %03lo\n" msgstr "" # -# File: sftp.c, line: 1146 +# File: sftp.c, line: 1150 #, c-format msgid "Changing mode on %s\n" msgstr "" # -# File: sftp.c, line: 1164 +# File: sftp.c, line: 1168 #, c-format msgid "Can't get current ownership of remote file \"%s\"" msgstr "" # -# File: sftp.c, line: 1173 +# File: sftp.c, line: 1177 #, c-format msgid "Changing owner on %s\n" msgstr "" # -# File: sftp.c, line: 1176 +# File: sftp.c, line: 1180 #, c-format msgid "Changing group on %s\n" msgstr "" # -# File: sftp.c, line: 1185 +# File: sftp.c, line: 1189 #, c-format msgid "Remote working directory: %s\n" msgstr "" # -# File: sftp.c, line: 1189 +# File: sftp.c, line: 1193 #, c-format msgid "Couldn't get local cwd: %s" msgstr "" # -# File: sftp.c, line: 1193 +# File: sftp.c, line: 1197 #, c-format msgid "Local working directory: %s\n" msgstr "" # -# File: sftp.c, line: 1202 +# File: sftp.c, line: 1206 #, c-format msgid "SFTP protocol version %u\n" msgstr "" # -# File: sftp.c, line: 1212 +# File: sftp.c, line: 1216 #, c-format msgid "%d is not implemented" msgstr "" # -# File: sftp.c, line: 1246 +# File: sftp.c, line: 1263 +msgid "Couldn't initialize GetLine" +msgstr "" +# 
+# File: sftp.c, line: 1266 +msgid "Couldn't register completion function" +msgstr "" +# +# File: sftp.c, line: 1273 msgid "Couldn't initialise connection to server" msgstr "" # -# File: sftp.c, line: 1250 +# File: sftp.c, line: 1277 msgid "Need cwd" msgstr "" # -# File: sftp.c, line: 1257 +# File: sftp.c, line: 1284 #, c-format msgid "Changing to: %s\n" msgstr "" # -# File: sftp.c, line: 1340 +# File: sftp.c, line: 1344 +#, c-format +msgid "Error: input line too long\n" +msgstr "" +# +# File: sftp.c, line: 1356 +#, c-format +msgid "Error reading terminal: %s/\n" +msgstr "" +# +# File: sftp.c, line: 1397 #, c-format msgid "socketpair: %s" msgstr "" # -# File: sftp.c, line: 1382 +# File: sftp.c, line: 1439 #, c-format msgid "" "Usage: %s [-1Cv] [-b batchfile] [-B buffer_size]\n" @@ -5267,44 +5429,46 @@ msgid "" " [-S program] [user@]host[:dir[/] | :file [file]]\n" msgstr "" # -# File: sftp.c, line: 1450 +# File: sftp.c, line: 1507 msgid "Batch file already specified." msgstr "" # -# File: sftp.c, line: 1455 +# File: sftp.c, line: 1512 #, c-format msgid "%s (%s)." msgstr "" # -# File: sftp.c, line: 1466 +# File: sftp.c, line: 1523 #, c-format msgid "Invalid buffer size \"%s\"" msgstr "" # -# File: sftp.c, line: 1471 +# File: sftp.c, line: 1528 #, c-format msgid "Invalid number of requests \"%s\"" msgstr "" # -# File: sftp.c, line: 1497 +# File: sftp.c, line: 1554 +#, c-format msgid "Missing username\n" msgstr "" # -# File: sftp.c, line: 1510 +# File: sftp.c, line: 1567 +#, c-format msgid "Missing hostname\n" msgstr "" # -# File: sftp.c, line: 1525 +# File: sftp.c, line: 1582 #, c-format msgid "Connecting to %s...\n" msgstr "" # -# File: sftp.c, line: 1532 +# File: sftp.c, line: 1589 #, c-format msgid "Attaching to %s...\n" msgstr "" # -# File: sftp.c, line: 1551 +# File: sftp.c, line: 1608 #, c-format msgid "Couldn't wait for ssh process: %s" msgstr "" 
@@ -5538,6 +5702,7 @@ msgid "Couldn't close local file \"%s\": %s" msgstr "" # # File: ssh-http-proxy-connect.c, line: 63 +#, c-format msgid "" "Usage: ssh-http-proxy-connect [-h http_proxy_host] [-p " "http_proxy_port]\n" @@ -5545,12 +5710,14 @@ msgid "" msgstr "" # # File: ssh-http-proxy-connect.c, line: 158 +#, c-format msgid "" "ssh-http-proxy: Incorrect url specified for http_proxy environment " "variable\n" msgstr "" # # File: ssh-http-proxy-connect.c, line: 167 +#, c-format msgid "ssh-http-proxy: http proxy not specified\n" msgstr "" # @@ -5560,10 +5727,12 @@ msgid "ssh-http-proxy: Unable to connect to %s: %s\n" msgstr "" # # File: ssh-http-proxy-connect.c, line: 230 +#, c-format msgid "ssh-http-proxy: HTTP reply not understood\n" msgstr "" # # File: ssh-socks5-proxy-connect.c, line: 62 +#, c-format msgid "" "Usage: ssh-socks5-proxy-connect [-h socks5_proxy_host] [-p " "socks5_proxy_port] \n" @@ -5576,6 +5745,7 @@ msgid "Unsupported SOCKS version: %x\n" msgstr "" # # File: ssh-socks5-proxy-connect.c, line: 218 +#, c-format msgid "ssh-socks5-proxy: SOCKS Server reply not understood\n" msgstr "" # @@ -5585,9 +5755,11 @@ msgid "ssh-socks5-proxy: Address type not supported: %u\n" msgstr "" # # File: ssh-socks5-proxy-connect.c, line: 298 +#, c-format msgid "ssh-socks5-proxy: SOCKS5 SERVER not specified\n" msgstr "" # # File: ssh-socks5-proxy-connect.c, line: 336 +#, c-format msgid "ssh-socks5-proxy: Client and Server versions differ.\n" msgstr "" diff --git a/usr/src/cmd/ssh/sshd/Makefile b/usr/src/cmd/ssh/sshd/Makefile index 263b0ed83f..bc5b60f584 100644 --- a/usr/src/cmd/ssh/sshd/Makefile +++ b/usr/src/cmd/ssh/sshd/Makefile @@ -18,7 +18,7 @@ # # CDDL HEADER END # -# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Copyright 2009 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # cmd/ssh/sshd/Makefile 
@@ -56,12 +56,13 @@ OBJS = sshd.o \ groupaccess.o \ gss-serv.o \ loginrec.o \ - md5crypt.o \ servconf.o \ serverloop.o \ session.o \ sshlogin.o \ - sshpty.o + sshpty.o \ + ../sftp-server/sftp-server.o + SRCS = $(OBJS:.o=.c) include ../../Makefile.cmd diff --git a/usr/src/cmd/ssh/sshd/md5crypt.c b/usr/src/cmd/ssh/sshd/md5crypt.c deleted file mode 100644 index 4c7c55c1e2..0000000000 --- a/usr/src/cmd/ssh/sshd/md5crypt.c +++ /dev/null 
@@ -1,161 +0,0 @@ -/* - * ---------------------------------------------------------------------------- - * "THE BEER-WARE LICENSE" (Revision 42): - * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you - * can do whatever you want with this stuff. If we meet some day, and you think - * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp - * ---------------------------------------------------------------------------- - */ - -/* - * Ported from FreeBSD to Linux, only minimal changes. --marekm - */ - -/* - * Adapted from shadow-19990607 by Tudor Bosman, tudorb@jm.nu - */ - -#include "includes.h" - -RCSID("$Id: md5crypt.c,v 1.5 2001/02/09 01:55:36 djm Exp $"); - -#pragma ident "%Z%%M% %I% %E% SMI" - -#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) - -#include <openssl/md5.h> - -static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ - "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; - -static char *magic = "$1$"; /* - * This string is magic for - * this algorithm. Having - * it this way, we can get - * get better later on - */ - -static void -to64(char *s, unsigned long v, int n) -{ - while (--n >= 0) { - *s++ = itoa64[v&0x3f]; - v >>= 6; - } -} - -int -is_md5_salt(const char *salt) -{ - return (!strncmp(salt, magic, strlen(magic))); -} - -/* - * UNIX password - * - * Use MD5 for what it is best at... 
- */ - -char * -md5_crypt(const char *pw, const char *salt) -{ - static char passwd[120], *p; - static const char *sp,*ep; - unsigned char final[16]; - int sl,pl,i,j; - MD5_CTX ctx,ctx1; - unsigned long l; - - /* Refine the Salt first */ - sp = salt; - - /* If it starts with the magic string, then skip that */ - if(!strncmp(sp,magic,strlen(magic))) - sp += strlen(magic); - - /* It stops at the first '$', max 8 chars */ - for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++) - continue; - - /* get the length of the true salt */ - sl = ep - sp; - - MD5_Init(&ctx); - - /* The password first, since that is what is most unknown */ - MD5_Update(&ctx,pw,strlen(pw)); - - /* Then our magic string */ - MD5_Update(&ctx,magic,strlen(magic)); - - /* Then the raw salt */ - MD5_Update(&ctx,sp,sl); - - /* Then just as many characters of the MD5(pw,salt,pw) */ - MD5_Init(&ctx1); - MD5_Update(&ctx1,pw,strlen(pw)); - MD5_Update(&ctx1,sp,sl); - MD5_Update(&ctx1,pw,strlen(pw)); - MD5_Final(final,&ctx1); - for(pl = strlen(pw); pl > 0; pl -= 16) - MD5_Update(&ctx,final,pl>16 ? 16 : pl); - - /* Don't leave anything around in vm they could use. */ - memset(final,0,sizeof final); - - /* Then something really weird... */ - for (j=0,i = strlen(pw); i ; i >>= 1) - if(i&1) - MD5_Update(&ctx, final+j, 1); - else - MD5_Update(&ctx, pw+j, 1); - - /* Now make the output string */ - strcpy(passwd,magic); - strncat(passwd,sp,sl); - strcat(passwd,"$"); - - MD5_Final(final,&ctx); - - /* - * and now, just to make sure things don't run too fast - * On a 60 Mhz Pentium this takes 34 msec, so you would - * need 30 seconds to build a 1000 entry dictionary... 
- */ - for(i=0;i<1000;i++) { - MD5_Init(&ctx1); - if(i & 1) - MD5_Update(&ctx1,pw,strlen(pw)); - else - MD5_Update(&ctx1,final,16); - - if(i % 3) - MD5_Update(&ctx1,sp,sl); - - if(i % 7) - MD5_Update(&ctx1,pw,strlen(pw)); - - if(i & 1) - MD5_Update(&ctx1,final,16); - else - MD5_Update(&ctx1,pw,strlen(pw)); - MD5_Final(final,&ctx1); - } - - p = passwd + strlen(passwd); - - l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4; - l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4; - l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4; - l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4; - l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4; - l = final[11] ; to64(p,l,2); p += 2; - *p = '\0'; - - /* Don't leave anything around in vm they could use. */ - memset(final,0,sizeof final); - - return passwd; -} - -#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ diff --git a/usr/src/cmd/ssh/sshd/servconf.c b/usr/src/cmd/ssh/sshd/servconf.c index 2b0e70d8d3..51e0b9bbe7 100644 --- a/usr/src/cmd/ssh/sshd/servconf.c +++ b/usr/src/cmd/ssh/sshd/servconf.c @@ -9,7 +9,7 @@ * called by a name other than "ssh" or "Secure Shell". */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -55,8 +55,11 @@ static void add_one_listen_addr(ServerOptions *, char *, u_short); /* AF_UNSPEC or AF_INET or AF_INET6 */ extern int IPv4or6; -/* Initializes the server options to their default values. */ - +/* + * Initializes the server options to their initial (unset) values. Some of those + * that stay unset after the command line options and configuration files are + * read are set to their default values in fill_default_server_options(). + */ void initialize_server_options(ServerOptions *options) { 
@@ -146,6 +149,7 @@ initialize_server_options(ServerOptions *options) options->lookup_client_hostnames = -1; options->use_openssl_engine = -1; + options->chroot_directory = NULL; } #ifdef HAVE_DEFOPEN @@ -413,7 +417,7 @@ typedef enum { sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, sMaxAuthTries, sMaxAuthTriesLog, sUsePrivilegeSeparation, - sLookupClientHostnames, sUseOpenSSLEngine, + sLookupClientHostnames, sUseOpenSSLEngine, sChrootDirectory, sDeprecated } ServerOpCodes; @@ -509,6 +513,7 @@ static struct { { "useprivilegeseparation", sUsePrivilegeSeparation}, { "lookupclienthostnames", sLookupClientHostnames}, { "useopensslengine", sUseOpenSSLEngine}, + { "chrootdirectory", sChrootDirectory}, { NULL, sBadOption } }; @@ -574,6 +579,7 @@ process_server_config_line(ServerOptions *options, char *line, char *cp, **charptr, *arg, *p; int *intptr, value, i, n; ServerOpCodes opcode; + size_t len; cp = line; arg = strdelim(&cp); @@ -1020,6 +1026,21 @@ parse_flag: fatal("%s line %d: Missing subsystem command.", filename, linenum); options->subsystem_command[options->num_subsystems] = xstrdup(arg); + + /* + * Collect arguments (separate to executable), including the + * name of the executable, in a way that is easier to parse + * later. + */ + p = xstrdup(arg); + len = strlen(p) + 1; + while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { + len += 1 + strlen(arg); + p = xrealloc(p, len); + strlcat(p, " ", len); + strlcat(p, arg, len); + } + options->subsystem_args[options->num_subsystems] = p; options->num_subsystems++; break; @@ -1056,7 +1077,7 @@ parse_flag: */ case sAuthorizedKeysFile: case sAuthorizedKeysFile2: - charptr = (opcode == sAuthorizedKeysFile ) ? + charptr = (opcode == sAuthorizedKeysFile) ? &options->authorized_keys_file : &options->authorized_keys_file2; goto parse_filename; 
@@ -1080,10 +1101,22 @@ parse_flag: case sLookupClientHostnames: intptr = &options->lookup_client_hostnames; goto parse_flag; + case sUseOpenSSLEngine: intptr = &options->use_openssl_engine; goto parse_flag; + case sChrootDirectory: + charptr = &options->chroot_directory; + + arg = strdelim(&cp); + if (arg == NULL || *arg == '\0') + fatal("%s line %d: missing directory name for " + "ChrootDirectory.", filename, linenum); + if (*charptr == NULL) + *charptr = xstrdup(arg); + break; + case sDeprecated: log("%s line %d: Deprecated option %s", filename, linenum, arg); @@ -1127,3 +1160,14 @@ read_server_config(ServerOptions *options, const char *filename) fatal("%s: terminating, %d bad configuration options", filename, bad_options); } + +/* + * Note that "none" is a special path having the same affect on sshd + * configuration as not specifying ChrootDirectory at all. + */ +int +chroot_requested(char *chroot_directory) +{ + return (chroot_directory != NULL && + strcasecmp(chroot_directory, "none") != 0); +} diff --git a/usr/src/cmd/ssh/sshd/session.c b/usr/src/cmd/ssh/sshd/session.c index 45a587566e..a3ca76e3ab 100644 --- a/usr/src/cmd/ssh/sshd/session.c +++ b/usr/src/cmd/ssh/sshd/session.c @@ -48,6 +48,8 @@ RCSID("$OpenBSD: session.c,v 1.150 2002/09/16 19:55:33 stevesk Exp $"); #include <libgen.h> #endif +#include <priv.h> + #include "ssh.h" #include "ssh1.h" #include "ssh2.h" @@ -69,6 +71,9 @@ RCSID("$OpenBSD: session.c,v 1.150 2002/09/16 19:55:33 stevesk Exp $"); #include "serverloop.h" #include "canohost.h" #include "session.h" +#include "tildexpand.h" +#include "misc.h" +#include "sftp.h" #ifdef USE_PAM #include <security/pam_appl.h> @@ -113,6 +118,8 @@ static void do_authenticated2(Authctxt *); static int session_pty_req(Session *); static int session_env_req(Session *s); static void session_free_env(char ***envp); +static void safely_chroot(const char *path, uid_t uid); +static void drop_privs(uid_t uid); #ifdef USE_PAM static void session_do_pam(Session *, int); 
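Review bot: The `sChrootDirectory` case accepts any non-empty string, so a relative path is only rejected later, when `safely_chroot()` calls `fatal("chroot path does not begin at root")` inside an already authenticated session. A check at parse time would surface the mistake when sshd reads its configuration, for example `if (*arg != '/' && *arg != '~' && *arg != '%' && strcasecmp(arg, "none") != 0) fatal("%s line %d: ChrootDirectory must be an absolute path.", filename, linenum);`. The `~` and `%` prefixes are allowed here on the assumption that the tilde and percent expansion done in session.c yields an absolute path. process_server_config_line starts and ends outside the hunk.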
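Review bot: `chroot_requested()` only reads its argument, so the parameter should be `const char *chroot_directory`; the prototype lives in a header outside this hunk and would need the same change. The comment above it says "the same affect", which should read "the same effect". It would also help to state the return contract in that comment: `Returns non-zero when a ChrootDirectory other than "none" is configured.`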
@@ -137,9 +144,9 @@ const char *original_command = NULL; #define MAX_SESSIONS 10 Session sessions[MAX_SESSIONS]; -#ifdef WITH_AIXAUTHENTICATE -char *aixloginmsg; -#endif /* WITH_AIXAUTHENTICATE */ +#define SUBSYSTEM_NONE 0 +#define SUBSYSTEM_EXT 1 +#define SUBSYSTEM_INT_SFTP 2 #ifdef HAVE_LOGIN_CAP login_cap_t *lc; @@ -545,6 +552,7 @@ do_exec_no_pty(Session *s, const char *command) #endif if (pid < 0) packet_disconnect("fork failed: %.100s", strerror(errno)); + s->pid = pid; /* Set interactive/non-interactive mode. */ packet_set_interactive(s->display != NULL); 
@@ -1315,68 +1323,75 @@ do_nologin(struct passwd *pw) } } -/* Set login name, uid, gid, and groups. */ +/* Chroot into ChrootDirectory if the option is set. */ void -do_setusercontext(struct passwd *pw) +chroot_if_needed(struct passwd *pw) { -#ifdef HAVE_CYGWIN - if (is_winnt) { -#else /* HAVE_CYGWIN */ - if (getuid() == 0 || geteuid() == 0) { -#endif /* HAVE_CYGWIN */ -#ifdef HAVE_SETPCRED - setpcred(pw->pw_name); -#endif /* HAVE_SETPCRED */ -#ifdef HAVE_LOGIN_CAP -# ifdef __bsdi__ - setpgid(0, 0); -# endif - if (setusercontext(lc, pw, pw->pw_uid, - (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { - perror("unable to set user context"); - exit(1); - } -#else -# if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) - /* Sets login uid for accounting */ - if (getluid() == -1 && setluid(pw->pw_uid) == -1) - error("setluid: %s", strerror(errno)); -# endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */ - - if (setlogin(pw->pw_name) < 0) - error("setlogin failed: %s", strerror(errno)); - if (setgid(pw->pw_gid) < 0) { - perror("setgid"); - exit(1); - } - /* Initialize the group list. */ - if (initgroups(pw->pw_name, pw->pw_gid) < 0) { - perror("initgroups"); - exit(1); - } - endgrent(); -# if 0 -# ifdef USE_PAM - /* - * PAM credentials may take the form of supplementary groups. - * These will have been wiped by the above initgroups() call. - * Reestablish them here. - */ - do_pam_setcred(0); -# endif /* USE_PAM */ -# endif /* 0 */ -# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) - irix_setusercontext(pw); -# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ -# ifdef _AIX - aix_usrinfo(pw); -# endif /* _AIX */ - /* Permanently switch to the desired uid. 
*/ - permanently_set_uid(pw); -#endif + char *chroot_path, *tmp; + + if (chroot_requested(options.chroot_directory)) { + tmp = tilde_expand_filename(options.chroot_directory, + pw->pw_uid); + chroot_path = percent_expand(tmp, "h", pw->pw_dir, + "u", pw->pw_name, (char *)NULL); + safely_chroot(chroot_path, pw->pw_uid); + free(tmp); + free(chroot_path); } - if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) - fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); +} + +/* + * Chroot into a directory after checking it for safety: all path components + * must be root-owned directories with strict permissions. + */ +static void +safely_chroot(const char *path, uid_t uid) +{ + const char *cp; + char component[MAXPATHLEN]; + struct stat st; + + if (*path != '/') + fatal("chroot path does not begin at root"); + if (strlen(path) >= sizeof(component)) + fatal("chroot path too long"); + + /* + * Descend the path, checking that each component is a + * root-owned directory with strict permissions. + */ + for (cp = path; cp != NULL;) { + if ((cp = strchr(cp, '/')) == NULL) + strlcpy(component, path, sizeof(component)); + else { + cp++; + memcpy(component, path, cp - path); + component[cp - path] = '\0'; + } + + debug3("%s: checking '%s'", __func__, component); + + if (stat(component, &st) != 0) + fatal("%s: stat(\"%s\"): %s", __func__, + component, strerror(errno)); + if (st.st_uid != 0 || (st.st_mode & 022) != 0) + fatal("bad ownership or modes for chroot " + "directory %s\"%s\"", + cp == NULL ? "" : "component ", component); + if (!S_ISDIR(st.st_mode)) + fatal("chroot path %s\"%s\" is not a directory", + cp == NULL ? 
"" : "component ", component); + } + + if (chdir(path) == -1) + fatal("Unable to chdir to chroot path \"%s\": " + "%s", path, strerror(errno)); + if (chroot(path) == -1) + fatal("chroot(\"%s\"): %s", path, strerror(errno)); + if (chdir("/") == -1) + fatal("%s: chdir(/) after chroot: %s", + __func__, strerror(errno)); + verbose("Changed root directory to \"%s\"", path); } static void @@ -1405,12 +1420,13 @@ launch_login(struct passwd *pw, const char *hostname) * environment, closing extra file descriptors, setting the user and group * ids, and executing the command or shell. */ +#define ARGV_MAX 10 void do_child(Session *s, const char *command) { extern char **environ; char **env; - char *argv[10]; + char *argv[ARGV_MAX]; const char *shell, *shell0, *hostname = NULL; struct passwd *pw = s->pw; @@ -1430,14 +1446,8 @@ do_child(Session *s, const char *command) * switch, so we let login(1) to this for us. */ if (!options.use_login) { -#ifdef HAVE_OSF_SIA - session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty); - if (!check_quietlogin(s, command)) - do_motd(); -#else /* HAVE_OSF_SIA */ do_nologin(pw); - do_setusercontext(pw); -#endif /* HAVE_OSF_SIA */ + chroot_if_needed(pw); } /* @@ -1507,15 +1517,13 @@ do_child(Session *s, const char *command) } #endif /* AFS */ - /* Change current directory to the user\'s home directory. */ + /* Change current directory to the user's home directory. */ if (chdir(pw->pw_dir) < 0) { - fprintf(stderr, - gettext("Could not chdir to home directory %s: %s\n"), - pw->pw_dir, strerror(errno)); -#ifdef HAVE_LOGIN_CAP - if (login_getcapbool(lc, "requirehome", 0)) - exit(1); -#endif + /* Suppress missing homedir warning for chroot case */ + if (!chroot_requested(options.chroot_directory)) + fprintf(stderr, "Could not chdir to home " + "directory %s: %s\n", pw->pw_dir, + strerror(errno)); } if (!options.use_login) 
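Review bot: The safety check in `safely_chroot()` looks only at `st.st_uid` and the group/other write bits (`st.st_mode & 022`), so write access granted through an ACL entry on a path component would not be noticed if the file system holding the chroot tree supports ACLs. I would at least state the assumption in the function comment, for example `All path components must be root-owned, not writable by group or others, and must not carry ACL entries that grant write access.`, so administrators know what to verify when they prepare the directory. Both `chroot_if_needed()` and `safely_chroot()` are fully inside this hunk.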
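Review bot: `chroot_if_needed(pw)` sits inside `if (!options.use_login)`, so as far as this hunk shows a session started with UseLogin enabled is never confined, even though ChrootDirectory is configured, and nothing is logged about it. do_child should refuse that combination instead of continuing unconfined, for example `if (options.use_login && chroot_requested(options.chroot_directory)) fatal("ChrootDirectory cannot be used together with UseLogin");` ahead of this block, or the two options should be rejected together when the configuration is read. do_child starts and ends outside the hunk.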
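Review bot: The rewritten warning drops the `gettext()` wrapper that the removed line had, so "Could not chdir to home directory" is no longer translated; keep it as `fprintf(stderr, gettext("Could not chdir to home directory %s: %s\n"), pw->pw_dir, strerror(errno));`. When a chroot is requested the failure is now completely silent, so a `debug("chdir to %s inside chroot failed: %s", pw->pw_dir, strerror(errno));` in that branch would leave a trace for the administrator without showing anything to the user. do_child continues outside the hunk.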
@@ -1524,6 +1532,29 @@ do_child(Session *s, const char *command) /* restore SIGPIPE for child */ signal(SIGPIPE, SIG_DFL); + if (s->is_subsystem == SUBSYSTEM_INT_SFTP) { + int i; + char *p, *args; + extern int optind, optreset; + + /* This will set the E/P sets here, simulating exec(2). */ + drop_privs(pw->pw_uid); + + setproctitle("%s@internal-sftp-server", s->pw->pw_name); + args = xstrdup(command ? command : "sftp-server"); + + i = 0; + for ((p = strtok(args, " ")); p != NULL; (p = strtok(NULL, " "))) { + if (i < ARGV_MAX - 1) + argv[i++] = p; + } + + argv[i] = NULL; + optind = optreset = 1; + __progname = argv[0]; + exit(sftp_server_main(i, argv, s->pw)); + } + if (options.use_login) { launch_login(pw, hostname); /* NEVERREACHED */ 
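Review bot: The `strtok()` loop silently discards every argument past `ARGV_MAX - 1`, so an option the administrator put on the Subsystem line can be dropped without any message while the in-process sftp server starts anyway. Fail instead of truncating: `if (i >= ARGV_MAX - 1) fatal("%s: too many arguments for the internal sftp subsystem", __func__);` before `argv[i++] = p;`. Splitting on a single space also breaks up any argument that itself contains a space, and if `command` held only spaces `argv[0]` would be NULL when it is assigned to `__progname`, so an `if (i == 0)` guard after the loop is worth adding. do_child starts and ends outside the hunk.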
@@ -1809,22 +1840,50 @@ session_subsystem_req(Session *s) struct stat st; u_int len; int success = 0; - char *cmd, *subsys = packet_get_string(&len); - int i; + char *prog, *cmd, *subsys = packet_get_string(&len); + u_int i; packet_check_eom(); log("subsystem request for %.100s", subsys); for (i = 0; i < options.num_subsystems; i++) { if (strcmp(subsys, options.subsystem_name[i]) == 0) { - cmd = options.subsystem_command[i]; - if (stat(cmd, &st) < 0) { - error("subsystem: cannot stat %s: %s", cmd, + prog = options.subsystem_command[i]; + cmd = options.subsystem_args[i]; + if (strcmp(INTERNAL_SFTP_NAME, prog) == 0) { + s->is_subsystem = SUBSYSTEM_INT_SFTP; + /* + * We must stat(2) the subsystem before we chroot in + * order to be able to send a proper error message. + */ + } else if (chroot_requested(options.chroot_directory)) { + char chdirsub[MAXPATHLEN]; + + strlcpy(chdirsub, options.chroot_directory, + sizeof (chdirsub)); + strlcat(chdirsub, "/", sizeof (chdirsub)); + strlcat(chdirsub, prog, sizeof (chdirsub)); + if (stat(chdirsub, &st) < 0) { + error("subsystem: cannot stat %s under " + "chroot directory %s: %s", prog, + options.chroot_directory, + strerror(errno)); + if (strcmp(subsys, "sftp") == 0) + error("subsystem: please see " + "the Subsystem option in " + "sshd_config(4) for an " + "explanation of '%s'.", + INTERNAL_SFTP_NAME); + break; + } + } else if (stat(prog, &st) < 0) { + error("subsystem: cannot stat %s: %s", prog, strerror(errno)); break; + } else { + s->is_subsystem = SUBSYSTEM_EXT; } debug("subsystem: exec() %s", cmd); - s->is_subsystem = 1; do_exec(s, cmd); success = 1; break; 
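Review bot: In the `chroot_requested()` branch a successful `stat(chdirsub, &st)` falls through without setting `s->is_subsystem`, so an external subsystem run under ChrootDirectory is not marked the way the non-chroot branch marks it; add `s->is_subsystem = SUBSYSTEM_EXT;` after that stat check. The same branch builds `chdirsub` from the raw `options.chroot_directory`, while `chroot_if_needed()` chroots into the tilde- and percent-expanded path, so with `~`, `%h` or `%u` in ChrootDirectory the check looks at a different path than the one the session will use. The `strlcpy()`/`strlcat()` return values are not compared with `sizeof (chdirsub)`, so an over-long path is truncated and then passed to `stat()`. The comment about stat(2) before chroot sits in the internal-sftp branch but describes the branch below it. session_subsystem_req starts and ends outside the hunk.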
@@ -2630,3 +2689,40 @@ do_authenticated2(Authctxt *authctxt) { server_loop2(authctxt); } + +/* + * Drop the privileges. We need this for the in-process SFTP server only. For + * the shell and the external subsystem the exec(2) call will do the P = E = I + * assignment itself. Never change the privileges if the connecting user is + * root. See privileges(5) if the terminology used here is not known to you. + */ +static void +drop_privs(uid_t uid) +{ + priv_set_t *priv_inherit; + + /* If root is connecting we are done. */ + if (uid == 0) + return; + + if ((priv_inherit = priv_allocset()) == NULL) + fatal("priv_allocset: %s", strerror(errno)); + if (getppriv(PRIV_INHERITABLE, priv_inherit) != 0) + fatal("getppriv: %s", strerror(errno)); + + /* + * This will limit E as well. Note that before this P was a + * superset of I, see permanently_set_uid(). + */ + if (setppriv(PRIV_SET, PRIV_PERMITTED, priv_inherit) == -1) + fatal("setppriv: %s", strerror(errno)); + + priv_freeset(priv_inherit); + + /* + * By manipulating the P set above we entered a PA mode which we + * do not need to retain in. + */ + if (setpflags(PRIV_AWARE, 0) == -1) + fatal("setpflags: %s", strerror(errno)); +} diff --git a/usr/src/cmd/ssh/sshd/sshd.c b/usr/src/cmd/ssh/sshd/sshd.c index b89f0ccf48..d3b1f0c940 100644 --- a/usr/src/cmd/ssh/sshd/sshd.c +++ b/usr/src/cmd/ssh/sshd/sshd.c @@ -1613,8 +1613,15 @@ authenticated: * contexts. */ debug2("Unprivileged server process dropping privileges"); - permanently_set_uid(authctxt->pw); + permanently_set_uid(authctxt->pw, options.chroot_directory); destroy_sensitive_data(); + + /* Just another safety check. */ + if (getuid() != authctxt->pw->pw_uid || + geteuid() != authctxt->pw->pw_uid) { + fatal("Failed to set uids to %u.", (u_int)authctxt->pw->pw_uid); + } + ssh_gssapi_server_mechs(NULL); /* release cached mechs list */ packet_set_server(); |